The kasan_quarantine_remove_cache() is called in kmem_cache_shrink()/ destroy(), the kasan_quarantine_remove_cache() call is protected by cpuslock in kmem_cache_destroy(), can ensure serialization with kasan_cpu_offline(). however the kasan_quarantine_remove_cache() call is not protected by cpuslock in kmem_cache_shrink(), when CPU going offline and cache shrink occur at same time, the cpu_quarantine may be corrupted by interrupt(per_cpu_remove_cache operation). so add cpu_quarantine offline flags check in per_cpu_remove_cache(). Signed-off-by: Zqiang <qiang1.zhang@xxxxxxxxx> --- mm/kasan/quarantine.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/kasan/quarantine.c b/mm/kasan/quarantine.c index 0e33d30abb8d..51a8192d49cf 100644 --- a/mm/kasan/quarantine.c +++ b/mm/kasan/quarantine.c @@ -330,6 +330,8 @@ static void per_cpu_remove_cache(void *arg) struct cpu_shrink_qlist *sq; #endif q = this_cpu_ptr(&cpu_quarantine); + if (READ_ONCE(q->offline)) + return; #ifndef CONFIG_PREEMPT_RT qlist_move_cache(q, &to_free, cache); qlist_free_all(&to_free, cache); -- 2.25.1
