lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20240715-b4-slab-kfree_rcu-destroy-v1-1-46b2984c2205@suse.cz>
Date: Mon, 15 Jul 2024 22:29:27 +0200
From: Vlastimil Babka <vbabka@...e.cz>
To: "Paul E. McKenney" <paulmck@...nel.org>, 
 Joel Fernandes <joel@...lfernandes.org>, 
 Josh Triplett <josh@...htriplett.org>, Boqun Feng <boqun.feng@...il.com>, 
 Christoph Lameter <cl@...ux.com>, David Rientjes <rientjes@...gle.com>
Cc: Steven Rostedt <rostedt@...dmis.org>, 
 Mathieu Desnoyers <mathieu.desnoyers@...icios.com>, 
 Lai Jiangshan <jiangshanlai@...il.com>, Zqiang <qiang.zhang1211@...il.com>, 
 Julia Lawall <Julia.Lawall@...ia.fr>, Jakub Kicinski <kuba@...nel.org>, 
 "Jason A. Donenfeld" <Jason@...c4.com>, 
 "Uladzislau Rezki (Sony)" <urezki@...il.com>, 
 Andrew Morton <akpm@...ux-foundation.org>, 
 Roman Gushchin <roman.gushchin@...ux.dev>, 
 Hyeonggon Yoo <42.hyeyoo@...il.com>, linux-mm@...ck.org, 
 linux-kernel@...r.kernel.org, rcu@...r.kernel.org, 
 Vlastimil Babka <vbabka@...e.cz>
Subject: [PATCH RFC 1/6] mm, slab: make caches with refcount of 0
 unmergeable

Slab caches with refcount 0 are in the process of being destroyed so
it's undesirable for new caches to attempt merging with them. A
synchronous destruction happens under slab_mutex thus excluding
concurrent cache creation and merging. Full destruction of
SLAB_TYPESAFE_BY_RCU caches might be delayed, but the cache is still
taken off the slab_caches list immediately, thus unreachable by cache
creation.

However a cache where __kmem_cache_shutdown() fails because it contains
objects that were not freed (due to a bug in the cache user) will be
left on the slab_caches list and might be considered for merging.
Also the following patches will introduce a possibility of a cache with
refcount 0 being temporarily reachable on the slab_list even in case of
no bugs, due to kfree_rcu() in flight.

For these reasons, prevent merging with caches that have zero refcount.

Signed-off-by: Vlastimil Babka <vbabka@...e.cz>
---
 mm/slab_common.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/mm/slab_common.c b/mm/slab_common.c
index 70943a4c1c4b..3ba205bda95d 100644
--- a/mm/slab_common.c
+++ b/mm/slab_common.c
@@ -150,9 +150,11 @@ int slab_unmergeable(struct kmem_cache *s)
 #endif
 
 	/*
-	 * We may have set a slab to be unmergeable during bootstrap.
+	 * We may have set a cache to be unmergeable (-1) during bootstrap.
+	 * 0 is for cache being destroyed asynchronously, or cache that failed
+	 * to destroy due to outstanding objects.
 	 */
-	if (s->refcount < 0)
+	if (s->refcount <= 0)
 		return 1;
 
 	return 0;

-- 
2.45.2


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ