2009-09-05 14:15:16

by Pekka Enberg

[permalink] [raw]
Subject: [GIT PULL] SLUB RCU fix for 2.6.31

Hi Linus,

Here's a last minute RCU fix for SLUB from Eric Dumazet. It's a bug fix to Paul
McKenney's commit 7ed9f7e5db58c6e8c2b4b738a75d5dcd8e17aad5 ("fix
RCU-callback-after-kmem_cache_destroy problem in sl[aou]b") that added the
rcu_barrier() call too early in kmem_cache_destroy(). You can find full
discussion of the bug here:

http://thread.gmane.org/gmane.linux.kernel/876016/focus=876086

The bug can be triggered with "rmmod nf_conntrack", for example. I think
the fix is simple enough to be merged this late in the release cycle
but we can also defer the fix to 2.6.31.1 if you don't feel comfortable
with merging it now.

Pekka

The following changes since commit 326ba5010a5429a5a528b268b36a5900d4ab0eba:
Linus Torvalds (1):
Linux 2.6.31-rc8

are available in the git repository at:

ssh://master.kernel.org/pub/scm/linux/kernel/git/penberg/slab-2.6 slab/urgent

Eric Dumazet (1):
slub: Fix kmem_cache_destroy() with SLAB_DESTROY_BY_RCU

mm/slub.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/mm/slub.c b/mm/slub.c
index b9f1491..b627675 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -2594,8 +2594,6 @@ static inline int kmem_cache_close(struct kmem_cache *s)
*/
void kmem_cache_destroy(struct kmem_cache *s)
{
- if (s->flags & SLAB_DESTROY_BY_RCU)
- rcu_barrier();
down_write(&slub_lock);
s->refcount--;
if (!s->refcount) {
@@ -2606,6 +2604,8 @@ void kmem_cache_destroy(struct kmem_cache *s)
"still has objects.\n", s->name, __func__);
dump_stack();
}
+ if (s->flags & SLAB_DESTROY_BY_RCU)
+ rcu_barrier();
sysfs_slab_remove(s);
} else
up_write(&slub_lock);