From: Manfred Spraul
Date: Mon, 12 Jan 2009 21:50:36 +0100
To: Kristian Høgsberg
CC: Stefan Richter, Andrew Morton, dcm@acm.org, Nadia Derbey, linux1394-devel, linux-kernel, "Paul E. McKenney"
Subject: Re: [PATCH] lib/idr.c: Zero memory properly in idr_remove_all
Message-ID: <496BAD1C.5060201@colorfullife.com>
In-Reply-To: <1231792712.6365.31.camel@gaara.bos.redhat.com>

Kristian Høgsberg wrote:
> On Mon, 2009-01-12 at 20:53 +0100, Manfred Spraul wrote:
>
>> Kristian Høgsberg wrote:
>>
>>> The problem isn't about returning un-zeroed-out objects to the kmem
>>> cache, the problem is returning them to the idr free list.
>>>
>> I think this is wrong:
>> The slab allocator assumes that the objects that are given to
>> kmem_cache_free() are properly constructed.
>> I.e.: No additional constructor is called prior to returning the object
>> from the next kmem_cache_alloc() call.
>>
>
> That's fine, the ctor associated with the kmem cache is called, and in
> the case of idr, it does a memset().
>

No. As I said, the constructor is not called.
An object that is given to kmem_cache_free() must be properly constructed.
kmem_cache_free() just adds the obj pointer to a list, the next
kmem_cache_alloc returns the pointer.

This is also documented in mm/slab.c:

 * The memory is organized in caches, one cache for each object type.
 * (e.g. inode_cache, dentry_cache, buffer_head, vm_area_struct)
 * Each cache consists out of many slabs (they are small (usually one
 * page long) and always contiguous), and each slab contains multiple
 * initialized objects.
 *
 * This means, that your constructor is used only for newly allocated
 * slabs and you must pass objects with the same initializations to
 * kmem_cache_free.
 *

If the idr code passes uninitialized objects to kmem_cache_free(), then
the next kmem_cache_alloc will return a bad object.

--
    Manfred
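A toy model of the slab contract this message describes, added here as an example; it is not kernel code and not from this thread, and toy_cache, zero_ctor and next_alloc_is_clean are constructed names. It shows that the ctor runs only when a slab is first carved into objects, so an object freed in a dirtied state comes straight back from the next alloc unless the caller restores its constructed state first.

```c
#include <string.h>

/* Toy model (added example, not kernel code) of the slab contract quoted
 * from mm/slab.c: the constructor runs once when a slab is carved into
 * objects; free only pushes the pointer onto a free list, and alloc pops
 * it back without reconstructing it. */
#define OBJ_SIZE  64
#define SLAB_OBJS 4

struct toy_cache {
    void *freelist[SLAB_OBJS];
    int nfree;
    char slab[SLAB_OBJS * OBJ_SIZE];
};

/* Like the idr_layer ctor: zero the object. Only toy_cache_create() calls it. */
static void zero_ctor(void *obj) { memset(obj, 0, OBJ_SIZE); }
static void toy_cache_create(struct toy_cache *c)
{
    c->nfree = 0;
    for (int i = 0; i < SLAB_OBJS; i++) {
        zero_ctor(c->slab + i * OBJ_SIZE);          /* new slab: ctor runs here */
        c->freelist[c->nfree++] = c->slab + i * OBJ_SIZE;
    }
}

/* Neither path calls the ctor: the object comes back exactly as it was freed. */
static void *toy_cache_alloc(struct toy_cache *c) { return c->nfree ? c->freelist[--c->nfree] : NULL; }
static void toy_cache_free(struct toy_cache *c, void *obj) { c->freelist[c->nfree++] = obj; }

/* 1 if obj still has the constructed (all-zero) state the ctor promised. */
static int is_constructed(const void *obj)
{
    static const char zeros[OBJ_SIZE];
    return memcmp(obj, zeros, OBJ_SIZE) == 0;
}

/* Use an object, optionally restore its constructed state, free it, and
 * report whether the next alloc hands out a properly constructed object. */
int next_alloc_is_clean(int reinit_before_free)
{
    struct toy_cache c;
    toy_cache_create(&c);
    char *obj = toy_cache_alloc(&c);
    memset(obj, 0xAB, OBJ_SIZE);           /* caller dirtied the object in use */
    if (reinit_before_free)
        memset(obj, 0, OBJ_SIZE);          /* restore ctor state, as the patch does */
    toy_cache_free(&c, obj);
    return is_constructed(toy_cache_alloc(&c));
}
```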