| Message ID | 20240715-b4-slab-kfree_rcu-destroy-v1-1-46b2984c2205@suse.cz (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | mm, slub: handle pending kfree_rcu() in kmem_cache_destroy() | expand |
On Mon, 15 Jul 2024, Vlastimil Babka wrote: > Slab caches with refcount 0 are in the process of being destroyed so > it's undesirable for new caches to attempt merging with them. A > synchronous destruction happens under slab_mutex thus excluding > concurrent cache creation and merging. Full destruction of > SLAB_TYPESAFE_BY_RCU caches might be delayed, but the cache is still > taken off the slab_caches list immediately, thus unreachable by cache > creation. > > However a cache where __kmem_cache_shutdown() fails because it contains > objects that were not freed (due to a bug in the cache user) will be > left on the slab_caches list and might be considered for merging. > Also the following patches will introduce a possibility of a cache with > refcount 0 being temporarily reachable on the slab_list even in case of > no bugs, due to kfree_rcu() in flight. > > For these reasons, prevent merging with caches that have zero refcount. > > Signed-off-by: Vlastimil Babka <vbabka@suse.cz> Acked-by: David Rientjes <rientjes@google.com>
diff --git a/mm/slab_common.c b/mm/slab_common.c index 70943a4c1c4b..3ba205bda95d 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -150,9 +150,11 @@ int slab_unmergeable(struct kmem_cache *s) #endif /* - * We may have set a slab to be unmergeable during bootstrap. + * We may have set a cache to be unmergeable (-1) during bootstrap. + * 0 is for cache being destroyed asynchronously, or cache that failed + * to destroy due to outstanding objects. */ - if (s->refcount < 0) + if (s->refcount <= 0) return 1; return 0;
Slab caches with refcount 0 are in the process of being destroyed so it's undesirable for new caches to attempt merging with them. A synchronous destruction happens under slab_mutex thus excluding concurrent cache creation and merging. Full destruction of SLAB_TYPESAFE_BY_RCU caches might be delayed, but the cache is still taken off the slab_caches list immediately, thus unreachable by cache creation. However a cache where __kmem_cache_shutdown() fails because it contains objects that were not freed (due to a bug in the cache user) will be left on the slab_caches list and might be considered for merging. Also the following patches will introduce a possibility of a cache with refcount 0 being temporarily reachable on the slab_list even in case of no bugs, due to kfree_rcu() in flight. For these reasons, prevent merging with caches that have zero refcount. Signed-off-by: Vlastimil Babka <vbabka@suse.cz> --- mm/slab_common.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)