On Tue, 8 Sep 2015, Dmitry Vyukov wrote: > > There is no access to p in the first thread. If there are such accesses > > then they are illegal. A user of slab allocators must ensure that there > > are no accesses after freeing the object. And since there is a thread > > that at random checks p and frees it when not NULL then no other thread > > would be allowed to touch the object. > > > But the memory allocator itself (kmalloc/kfree) generally reads and > writes the object (e.g. storing object size in header before object, > writing redzone in debug mode, reading and checking redzone in debug > mode, building freelist using first word of the object, etc). There is > no different between user accesses and memory allocator accesses just > before returning the object from kmalloc and right after accepting the > object in kfree. There is a difference. The object is not accessible to any code before kmalloc() returns. And it must not be accessible anymore when kfree() is called. Thus the object is under exclusive control of the allocators when it is handled. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>