| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aW3lHVyRUZ-lSq9r@hyeyoo>
Date: Mon, 19 Jan 2026 17:02:37 +0900
From: Harry Yoo <harry.yoo@...cle.com>
To: Vlastimil Babka <vbabka@...e.cz>
Cc: Petr Tesarik <ptesarik@...e.com>, Christoph Lameter <cl@...two.org>,
David Rientjes <rientjes@...gle.com>,
Roman Gushchin <roman.gushchin@...ux.dev>, Hao Li <hao.li@...ux.dev>,
Andrew Morton <akpm@...ux-foundation.org>,
Uladzislau Rezki <urezki@...il.com>,
"Liam R. Howlett" <Liam.Howlett@...cle.com>,
Suren Baghdasaryan <surenb@...gle.com>,
Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
Alexei Starovoitov <ast@...nel.org>, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, linux-rt-devel@...ts.linux.dev,
bpf@...r.kernel.org, kasan-dev@...glegroups.com
Subject: Re: [PATCH v3 09/21] slab: add optimized sheaf refill from partial
list
On Mon, Jan 19, 2026 at 03:41:40PM +0900, Harry Yoo wrote:
> On Fri, Jan 16, 2026 at 03:40:29PM +0100, Vlastimil Babka wrote:
> > At this point we have sheaves enabled for all caches, but their refill
> > is done via __kmem_cache_alloc_bulk() which relies on cpu (partial)
> > slabs - now a redundant caching layer that we are about to remove.
> >
> > The refill will thus be done from slabs on the node partial list.
> > Introduce new functions that can do that in an optimized way as it's
> > easier than modifying the __kmem_cache_alloc_bulk() call chain.
> >
> > Extend struct partial_context so it can return a list of slabs from the
> > partial list with the sum of free objects in them within the requested
> > min and max.
> >
> > Introduce get_partial_node_bulk() that removes the slabs from freelist
> > and returns them in the list.
> >
> > Introduce get_freelist_nofreeze() which grabs the freelist without
> > freezing the slab.
> >
> > Introduce alloc_from_new_slab() which can allocate multiple objects from
> > a newly allocated slab where we don't need to synchronize with freeing.
> > In some aspects it's similar to alloc_single_from_new_slab() but assumes
> > the cache is a non-debug one so it can avoid some actions.
> >
> > Introduce __refill_objects() that uses the functions above to fill an
> > array of objects. It has to handle the possibility that the slabs will
> > contain more objects that were requested, due to concurrent freeing of
> > objects to those slabs. When no more slabs on partial lists are
> > available, it will allocate new slabs. It is intended to be only used
> > in context where spinning is allowed, so add a WARN_ON_ONCE check there.
> >
> > Finally, switch refill_sheaf() to use __refill_objects(). Sheaves are
> > only refilled from contexts that allow spinning, or even blocking.
> >
> > Signed-off-by: Vlastimil Babka <vbabka@...e.cz>
> > ---
> > mm/slub.c | 284 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----
> > 1 file changed, 264 insertions(+), 20 deletions(-)
> >
> > diff --git a/mm/slub.c b/mm/slub.c
> > index 9bea8a65e510..dce80463f92c 100644
> > --- a/mm/slub.c
> > +++ b/mm/slub.c
> > @@ -7463,6 +7597,116 @@ void kmem_cache_free_bulk(struct kmem_cache *s, size_t size, void **p)
> > }
> > EXPORT_SYMBOL(kmem_cache_free_bulk);
> >
> > +static unsigned int
> > +__refill_objects(struct kmem_cache *s, void **p, gfp_t gfp, unsigned int min,
> > + unsigned int max)
> > +{
> > + struct slab *slab, *slab2;
> > + struct partial_context pc;
> > + unsigned int refilled = 0;
> > + unsigned long flags;
> > + void *object;
> > + int node;
> > +
> > + pc.flags = gfp;
> > + pc.min_objects = min;
> > + pc.max_objects = max;
> > +
> > + node = numa_mem_id();
> > +
> > + if (WARN_ON_ONCE(!gfpflags_allow_spinning(gfp)))
> > + return 0;
> > +
> > + /* TODO: consider also other nodes? */
> > + if (!get_partial_node_bulk(s, get_node(s, node), &pc))
> > + goto new_slab;
> > +
> > + list_for_each_entry_safe(slab, slab2, &pc.slabs, slab_list) {
> > +
> > + list_del(&slab->slab_list);
>
> When a slab is removed from the list,
>
> > + object = get_freelist_nofreeze(s, slab);
> > +
> > + while (object && refilled < max) {
> > + p[refilled] = object;
> > + object = get_freepointer(s, object);
> > + maybe_wipe_obj_freeptr(s, p[refilled]);
> > +
> > + refilled++;
> > + }
> > +
> > + /*
> > + * Freelist had more objects than we can accommodate, we need to
> > + * free them back. We can treat it like a detached freelist, just
> > + * need to find the tail object.
> > + */
> > + if (unlikely(object)) {
>
> And the freelist had more objects than requested,
>
> > + void *head = object;
> > + void *tail;
> > + int cnt = 0;
> > +
> > + do {
> > + tail = object;
> > + cnt++;
> > + object = get_freepointer(s, object);
> > + } while (object);
> > + do_slab_free(s, slab, head, tail, cnt, _RET_IP_);
>
> objects are freed to the slab but the slab may or may not be added back to
> n->partial?
No, since the slab becomes a full slab after get_freelist_nofreeze(),
do_slab_free() should add it back to n->partial list!
--
Cheers,
Harry / Hyeonggon
Powered by blists - more mailing lists