On 06/01/2012 11:52 PM, Christoph Lameter wrote:
> kmem_cache_destroy does basically the same in all allocators.
>
> Extract common code which is easy since we already have common mutex handling.
>
> Signed-off-by: Christoph Lameter <cl@xxxxxxxxx>
>
>
> ---
>
> + return kmem_cache_close(s);
> +}
> +
> +void __kmem_cache_destroy(struct kmem_cache *s)
> +{
> + sysfs_slab_remove(s);
> + kfree(s);
> }
> -EXPORT_SYMBOL(kmem_cache_destroy);
>
Christoph,
While testing corner cases of slab memcg, I reached a bug that can be
tracked down to those patches. They are not merged yet, so please mind
them in your next submission. The problem seem to be a consequence of
more than one patch, this one included.
Problem is that you are now allocating objects from kmem_cache with
kmem_cache_alloc, but freeing it with kfree - and in multiple locations.
In particular, after the whole series is applied, you will have a call
to "kfree(s)" in sysfs_slab_remove() that is called from
kmem_cache_shutdown(), and later on kmem_cache_free(kmem_cache, s) from
the destruction common code -> a double free.
Please fix this for the next round.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>