On Thu 19-12-13 13:36:42, Vladimir Davydov wrote:
> On 12/19/2013 01:28 PM, Michal Hocko wrote:
> > On Wed 18-12-13 17:16:57, Vladimir Davydov wrote:
[...]
> >> diff --git a/mm/slab.h b/mm/slab.h
> >> index 1d8b53f..53b81a9 100644
> >> --- a/mm/slab.h
> >> +++ b/mm/slab.h
> >> @@ -164,10 +164,16 @@ static inline struct kmem_cache *
> >> cache_from_memcg_idx(struct kmem_cache *s, int idx)
> >> {
> >> struct kmem_cache *cachep;
> >> + struct memcg_cache_params *params;
> >>
> >> if (!s->memcg_params)
> >> return NULL;
> >> - cachep = s->memcg_params->memcg_caches[idx];
> >> +
> >> + rcu_read_lock();
> >> + params = rcu_dereference(s->memcg_params);
> >> + cachep = params->memcg_caches[idx];
> >> + rcu_read_unlock();
> >> +
> > Consumer has to be covered by the same rcu section otherwise
> > memcg_params might be freed right after rcu unlock here.
>
> No. We protect only accesses to kmem_cache::memcg_params, which can
> potentially be relocated for root caches.
Hmm, ok. So memcg_params might change (a new memcg is accounted) but
pointers at idx will be same, right?
> But as soon as we get the
> pointer to a kmem_cache from this array, we can freely dereference it,
> because the cache cannot be freed when we use it. This is, because we
> access a kmem_cache either under the slab_mutex or
> memcg->slab_caches_mutex, or when we allocate/free from it. While doing
> the latter, the cache can't go away, it would be a bug. IMO.
That expects that cache_from_memcg_idx is always called with slab_mutex
or slab_caches_mutex held, right? Please document it.
>
> Thanks.
--
Michal Hocko
SUSE Labs
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>