>> +/*
>> + * This functions either consumes the pwq_slot, or allocates a new
>
> "This function"
Thanks, will fix.
>> + if (ep->pwq_slot)
>> + kmem_cache_free(pwq_cache, ep->pwq_slot);
>
> A NULL check isn't necessary before kmem_cache_free().
Thanks, noted, will fix.
>> @@ -1384,7 +1419,7 @@ static void ep_ptable_queue_proc(struct file
*file, wait_queue_head_t *whead,
>> if (unlikely(!epi)) // an earlier allocation has failed
>> return;
>>
>> - pwq = kmem_cache_alloc(pwq_cache, GFP_KERNEL);
>> + pwq = ep_alloc_pwq(epi->ep);
>
> What guarantees that ep->mtx is held here?
"ep_ptable_queue_proc" is invoked as a poll callback when
"ep_insert" attaches the item being added to the poll hooks, and
"ep_insert" is called with "ep->mtx" held.