Slab caches with refcount 0 are in the process of being destroyed so it's undesirable for new caches to attempt merging with them. A synchronous destruction happens under slab_mutex thus excluding concurrent cache creation and merging. Full destruction of SLAB_TYPESAFE_BY_RCU caches might be delayed, but the cache is still taken off the slab_caches list immediately, thus unreachable by cache creation. However a cache where __kmem_cache_shutdown() fails because it contains objects that were not freed (due to a bug in the cache user) will be left on the slab_caches list and might be considered for merging. Also the following patches will introduce a possibility of a cache with refcount 0 being temporarily reachable on the slab_list even in case of no bugs, due to kfree_rcu() in flight. For these reasons, prevent merging with caches that have zero refcount. Signed-off-by: Vlastimil Babka <vbabka@xxxxxxx> --- mm/slab_common.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/mm/slab_common.c b/mm/slab_common.c index 70943a4c1c4b..3ba205bda95d 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -150,9 +150,11 @@ int slab_unmergeable(struct kmem_cache *s) #endif /* - * We may have set a slab to be unmergeable during bootstrap. + * We may have set a cache to be unmergeable (-1) during bootstrap. + * 0 is for cache being destroyed asynchronously, or cache that failed + * to destroy due to outstanding objects. */ - if (s->refcount < 0) + if (s->refcount <= 0) return 1; return 0; -- 2.45.2
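Review bot: The rewritten comment above the `if (s->refcount <= 0)` check in slab_unmergeable() says what the values -1 and 0 mean, but not why a refcount-0 cache can still be seen here. Per the commit message, a cache whose __kmem_cache_shutdown() failed is left on the slab_caches list, and later patches make a refcount-0 cache temporarily reachable while kfree_rcu() is in flight. A short clause in the comment, for example "such caches can still be on slab_caches and must not be merged with", would make the check understandable without the commit message. Separately, the commit message says "slab_list" once where it otherwise says "slab_caches list"; using one name throughout would avoid confusion.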