On Tue, 27 Feb 2024, Chengming Zhou wrote:
We could mark the state change (list ownership) in the slab metadata and then abort the scan if the state mismatches the list.
It seems feasible, maybe something like below?
But this way needs all kmem_caches have SLAB_TYPESAFE_BY_RCU, right?
No.
If a slab is freed to the page allocator and the fields are reused in a
different way then we would have to wait till the end of the RCU period.
This could be done with a deferred free. Otherwise we have the type
checking to ensure that nothing untoward happens in the RCU period.
The usually shuffle of the pages between freelists/cpulists/cpuslab and
fully used slabs would not require that.
Not sure if this is acceptable? Which may cause random delay of memory free.
```
retry:
rcu_read_lock();
h = rcu_dereference(list_next_rcu(&n->partial));
while (h != &n->partial) {
Hmm... a linked list that forms a circle? Linked lists usually terminate
in a NULL pointer.
So this would be
redo:
<zap counters>
rcu_read_lock();
h = <first>;
while (h && h->type == <our type>) {
<count h somethings>
/* Maybe check h->type again */
if (h->type != <our_type>)
break;
h = <next>;
}
rcu_read_unlock();
if (!h) /* Type of list changed under us */
goto redo;
The check for type == <our_type> is racy. Maybe we can ignore that or
we could do something additional.
Using RCU does not make sense if you add locking in the inner loop. Then
it gets too complicated and causes delay. This must be a simple fast
lockless loop in order to do what we need.
Presumably the type and list pointers are in the same cacheline and thus
could made to be updated in a coherent way if properly sequenced with
fences etc.
