Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp321578pxv;
        Thu, 8 Jul 2021 22:23:03 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyjMbKnvY/3gojhrrFuiLHuL9XjPp1ATzGdkA1b4rbIjoELtAhfTqKkW7ZTX5vdNjOUPKis
X-Received: by 2002:a92:db44:: with SMTP id w4mr6411332ilq.112.1625808183195;
        Thu, 08 Jul 2021 22:23:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1625808183; cv=none;
        d=google.com; s=arc-20160816;
        b=n1tpHRHnIqggEcf67GC9ekB3y2cuvfTYyH7Q3WfEO9rk3CS0JQtoHiNTqbmM6KEW0n
         Paxo9vy6wzBGIp8pmoQgsu5Ts+lzi+ZF5P7mayCGLtorZXI/iJEhbC/FF0rj65RO5SNO
         eI/jeZbF9So+MHNzAr/7sK5mqGoS4tbZ5MgGqKqaw9OdNjYDJbE3CZBcRUsE2uBlS+dR
         vulXElOqJz/McsuVyyYSURy+aHo6Fl47VJlPB8HrPBhqGB/Vwt0R3s7AlM50Y6jucqwx
         zUN5zndew40YRV4HA6IddKKIlpEh5c4AFvRpP2SIjZZP1hoajJZSaO1+0EhXuWfGw6CX
         nkig==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:date:cc:to:from:subject
         :message-id:dkim-signature;
        bh=xQ4zJNdqtLB7QSsAGJa6Q3CrGtIb5PPMZx+c98WbwOI=;
        b=wXZBDa6QuwAX5gW7l1ZUsCRvGBy2tt8sO7WyYfFlO4rp4HdIKKN8G3qkQeFLpT8j6V
         yGSNYWSYYG7ysST0XCLsqZM3wR+Vx9aI02VH7Y3X98eSLHJx2lPECFO/cP0l1uoDZ1DE
         2NMYauV1ICq3Ncn3krGlQU2qJuXvw5JVI/J+jynRYWivWLilWr1md5PMupaGQDko6vjF
         ZLsa1c4OVyvJ68NHKymv5ypr/kLKyOJqyT/z4Q27tiQtjUAC/C7sxO8qh8gK/qslCp6o
         mKxiNGw7jqoaN/iYf4OVxTl7wf6Px/Yqmmf3vXSRH7qgaNHG989QpAlr8qKlwIB+J3Ly
         1e5Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmx.net header.s=badeba3b8450 header.b=dwBZoO71;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmx.de
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id f12si4063443ilk.157.2021.07.08.22.22.21;
        Thu, 08 Jul 2021 22:23:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmx.net header.s=badeba3b8450 header.b=dwBZoO71;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmx.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229624AbhGIFXd (ORCPT <rfc822;makotox8664@gmail.com>
        + 99 others); Fri, 9 Jul 2021 01:23:33 -0400
Received: from mout.gmx.net ([212.227.17.20]:59597 "EHLO mout.gmx.net"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S229583AbhGIFXc (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 9 Jul 2021 01:23:32 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net;
        s=badeba3b8450; t=1625808037;
        bh=OCW7oljHM6ncvS3+WmeaxtPjxKjop38O0bgGSXlwec4=;
        h=X-UI-Sender-Class:Subject:From:To:Cc:Date:In-Reply-To:References;
        b=dwBZoO71An4asQnnszWWJjKf3TKTGO/GBGxwg/jcaZzBw5A6QiI8sUVlsKek+54Jw
         EA+v45nFbvfwm4QOcvQgCJ+XHYPOPAdV2cbEfOPeI1aD23b3EfMiSJld+OAUZjhRt4
         t15bRWHSagrO8n8C+C613/zGGAn12okSNIA2XHbw=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from homer.fritz.box ([185.191.217.33]) by mail.gmx.net (mrgmx104
 [212.227.17.168]) with ESMTPSA (Nemesis) id 1MybKf-1lFusi0rCX-00yyNh; Fri, 09
 Jul 2021 07:20:37 +0200
Message-ID: <966f27f7999acb1db8d60e241a73dfde3344345c.camel@gmx.de>
Subject: [patch] mm/slub: Fix kmem_cache_alloc_bulk() error path
From:   Mike Galbraith <efault@gmx.de>
To:     Thomas Gleixner <tglx@linutronix.de>,
        LKML <linux-kernel@vger.kernel.org>
Cc:     linux-rt-users@vger.kernel.org,
        Mel Gorman <mgorman@techsingularity.net>,
        Vlastimil Babka <vbabka@suse.cz>,
        Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Date:   Fri, 09 Jul 2021 07:20:36 +0200
In-Reply-To: <87tul5p2fa.ffs@nanos.tec.linutronix.de>
References: <87tul5p2fa.ffs@nanos.tec.linutronix.de>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.34.4 
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K1:X0SMFsCtIjHy5TeQqmMzGnMgSjxHIdat64X17zv9akVokK2mr5V
 h/fBqIvDm4JgtYTRZinezDexdCg0ynG0BOnxfIqOApbeTFx43rAs5Aa75JVBcy06xq+/+YC
 WN7hyVhRXCWpSDTwuqN43bKkMqtXOPRbfmYfKYSPKhjcJerW/ivq7DkAVHLJB7Qx00r4rex
 HaHUIAuAEXAbUH5RG4SOQ==
X-Spam-Flag: NO
X-UI-Out-Filterresults: notjunk:1;V03:K0:08dDrrprXM0=:IyqFnAUomg3/CSP/mVFmuk
 qeDV5L2fW2JLDB64tD0EMUXkYxdLOkglkGAIQ07z8P0aPCmqegtwMV/aVNY3gKjsVtsB+W5Gn
 n+a4aStrAEfj/wHsNg5P8hgohvuoRTPFw12Nt4Cb/3OxiZ/vKmcP0jHVoV+2DMiwgJlA0lAPG
 wlU9U+eXx3ofS6Nzx80hAa4cYtBzM2Qx/55Z4kkmQu6HaDhvu2/69MuT5XOaXJaMu9hhIuFEy
 DTIr0phbICTdWGrHLnGXFSURezF6fGtwRF3pTtpNS3LN7xBs1re/CMnrFwYpgz3Dv9zyYKk6V
 pq3vk1EThNJrGV0IdHyA5GLxPMd3IvnWujuad0kNcv+5oO2UqCJvg4202txT2GmsRMN0lDH2e
 sjpxZdxLfplVdzqxyBfbiZQHZgYWFEgo1ziBAf6/A8c6Nuli9o7twqHf9ZW+BU4SAQtFtXtPU
 3KT6/37cUPMIoA3OV+K8sOJw+FkzZdyEmmEgWHL+iiFFKKISkMnrP4ztm7wOqOSHF1sgeAd0k
 bIAp3t8H+enRvrGgOMHRH0nv4pGEnMzX6zagENBg3ZafPd6md2zgXY2Y2yDOLbebBQAuB01Ow
 3s2bN0r8f4A5VVQpdLmcdVeRyKgalJ89+ekB/8C489H48g//KPTqIJxtubyK46zLCCMuxCns1
 1BAN8UPkgZvZnqOletCDjTslQ1SINN5r1VJTl2k2txR3R6ZvgCkmAckLzxrSg0xA4WCFCpSJL
 5piyJiz8SdgTS3E3pG1w0nIPn8w1JlQ1fEYeHtddZhFap9TekIDfC3IiJb/+43xwJi7NSkwZt
 QkbDxsDSq9uK39mJwpcXtPj/Kp67qYv/Bcp4x1aD+U9OcWBcjdx6NpNG8NKfnP0HpA/TyNHIU
 vfzCM3edPSkRlse1HugPBOokbPyYG/QPFy6GaRX2jA1/SBINtT6PTIb4Rb5gRM0DTaRyYPZxC
 rNKkehFUnqji2QjGoQ4eiq2WAgrf49HU0Pg9DwD29SMcp6VAtJS/adnvPr1GRf4o0eDpY4kJm
 KgdZT45AtLMeBNZl0Ib9nPbXBjiA2gNM8soKmrVWr09TIruYAw1SRYOgVJbRfTl9nNqDt0vhX
 3DcKqUuk9Cg5uR69JJgzihB8pNbmkkGURZX
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


The kmem_cache_alloc_bulk() error exit path double unlocks cpu_slab->lock
instead of making the required slub_put_cpu_ptr() call.  Fix that.

Boring details:
1. 12c69bab1ece ("mm, slub: move disabling/enabling irqs to ___slab_alloc())")
adds local_irq_enable() above goto error, leaving the one at error: intact.
2. 2180da7ea70a0 ("mm, slub: use migrate_disable() on PREEMPT_RT") adds
slub_get/put_cpu_ptr() calls, missing the already broken error path,
creating unpaired slub_put_cpu_ptr()/slub_put_cpu_ptr() calls.
3. 340e7c4136c3 ("mm, slub: convert kmem_cpu_slab protection to local_lock")
converts local_irq_enable() to local_unlock_irq(), culminating in a
double unlock and unpaired slub_put_cpu_ptr()/slub_put_cpu_ptr().

Signed-off-by: Mike Galbraith <efault@gmx.de>
---
 mm/slub.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/mm/slub.c
+++ b/mm/slub.c
@@ -3605,7 +3605,7 @@ int kmem_cache_alloc_bulk(struct kmem_ca
 				slab_want_init_on_alloc(flags, s));
 	return i;
 error:
-	local_unlock_irq(&s->cpu_slab->lock);
+	slub_put_cpu_ptr(s->cpu_slab);
 	slab_post_alloc_hook(s, objcg, flags, i, p, false);
 	__kmem_cache_free_bulk(s, i, p);
 	return 0;