On Thu 19-12-13 13:36:42, Vladimir Davydov wrote:
> On 12/19/2013 01:28 PM, Michal Hocko wrote:
> > On Wed 18-12-13 17:16:57, Vladimir Davydov wrote:
[...]
> >> diff --git a/mm/slab.h b/mm/slab.h > >> index 1d8b53f..53b81a9 100644 > >> --- a/mm/slab.h > >> +++ b/mm/slab.h > >> @@ -164,10 +164,16 @@ static inline struct kmem_cache * > >> cache_from_memcg_idx(struct kmem_cache *s, int idx) > >> { > >> struct kmem_cache *cachep; > >> + struct memcg_cache_params *params; > >> > >> if (!s->memcg_params) > >> return NULL; > >> - cachep = s->memcg_params->memcg_caches[idx]; > >> + > >> + rcu_read_lock(); > >> + params = rcu_dereference(s->memcg_params); > >> + cachep = params->memcg_caches[idx]; > >> + rcu_read_unlock(); > >> +
> > Consumer has to be covered by the same rcu section otherwise
> > memcg_params might be freed right after rcu unlock here.
>
> No. We protect only accesses to kmem_cache::memcg_params, which can
> potentially be relocated for root caches.

Hmm, ok. So memcg_params might change (a new memcg is accounted) but
pointers at idx will be the same, right?

> But as soon as we get the
> pointer to a kmem_cache from this array, we can freely dereference it,
> because the cache cannot be freed when we use it. This is because we
> access a kmem_cache either under the slab_mutex or
> memcg->slab_caches_mutex, or when we allocate/free from it. While doing
> the latter, the cache can't go away, it would be a bug. IMO.

That expects that cache_from_memcg_idx is always called with slab_mutex
or slab_caches_mutex held, right? Please document it.

>
> Thanks.

-- 
Michal Hocko
SUSE Labs
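
Review bot: the NULL test `if (!s->memcg_params)` at the top of cache_from_memcg_idx() still reads the pointer outside the new rcu_read_lock() section and without rcu_dereference(), so the check and the later `params = rcu_dereference(s->memcg_params);` are two separate loads of a pointer that, per the thread, can be relocated for root caches. Consider taking rcu_read_lock() first, loading `params` once, and testing that value before indexing memcg_caches[idx]. Separately, the value stored in `cachep` outlives the read-side section, which is safe only under the lifetime rule stated in the discussion (slab_mutex or memcg->slab_caches_mutex held, or an allocation/free in progress on that cache); a comment above the function spelling out that rule would give callers the documentation requested in the reply.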