From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from psmtp.com (na3sys010amx145.postini.com [74.125.245.145]) by kanga.kvack.org (Postfix) with SMTP id 7186D6B00BA for ; Tue, 18 Sep 2012 10:16:41 -0400 (EDT) From: Glauber Costa Subject: [PATCH v3 09/16] sl[au]b: always get the cache from its page in kfree Date: Tue, 18 Sep 2012 18:12:03 +0400 Message-Id: <1347977530-29755-10-git-send-email-glommer@parallels.com> In-Reply-To: <1347977530-29755-1-git-send-email-glommer@parallels.com> References: <1347977530-29755-1-git-send-email-glommer@parallels.com> Sender: owner-linux-mm@kvack.org List-ID: To: linux-kernel@vger.kernel.org Cc: cgroups@vger.kernel.org, kamezawa.hiroyu@jp.fujitsu.com, devel@openvz.org, Tejun Heo , linux-mm@kvack.org, Suleiman Souhlal , Frederic Weisbecker , Mel Gorman , David Rientjes , Glauber Costa , Christoph Lameter , Pekka Enberg struct page already have this information. If we start chaining caches, this information will always be more trustworthy than whatever is passed into the function A parent pointer is added to the slub structure, so we can make sure the freeing comes from either the right slab, or from its rightful parent. [ v3: added parent testing with VM_BUG_ON ] Signed-off-by: Glauber Costa CC: Christoph Lameter CC: Pekka Enberg --- mm/slab.c | 5 ++++- mm/slab.h | 11 +++++++++++ mm/slub.c | 4 +++- 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/mm/slab.c b/mm/slab.c index f2d760c..18de3f6 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -3938,9 +3938,12 @@ EXPORT_SYMBOL(__kmalloc); * Free an object which was previously allocated from this * cache. */ -void kmem_cache_free(struct kmem_cache *cachep, void *objp) +void kmem_cache_free(struct kmem_cache *s, void *objp) { unsigned long flags; + struct kmem_cache *cachep = virt_to_cache(objp); + + VM_BUG_ON(!slab_equal_or_parent(cachep, s)); local_irq_save(flags); debug_check_no_locks_freed(objp, cachep->object_size); diff --git a/mm/slab.h b/mm/slab.h index 6f2a34d..f2501ab 100644 --- a/mm/slab.h +++ b/mm/slab.h @@ -60,11 +60,22 @@ static inline bool cache_match_memcg(struct kmem_cache *cachep, return cachep->memcg_params.memcg == memcg; } +static inline bool slab_equal_or_parent(struct kmem_cache *s, + struct kmem_cache *p) +{ + return (p == s) || (p == s->memcg_params.parent); +} #else static inline bool cache_match_memcg(struct kmem_cache *cachep, struct mem_cgroup *memcg) { return true; } + +static inline bool slab_equal_or_parent(struct kmem_cache *s, + struct kmem_cache *p) +{ + return true; +} #endif #endif diff --git a/mm/slub.c b/mm/slub.c index 4778548..a045dfc 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -2604,7 +2604,9 @@ void kmem_cache_free(struct kmem_cache *s, void *x) page = virt_to_head_page(x); - slab_free(s, page, x, _RET_IP_); + VM_BUG_ON(!slab_equal_or_parent(page->slab, s)); + + slab_free(page->slab, page, x, _RET_IP_); trace_kmem_cache_free(_RET_IP_, x); } -- 1.7.11.4 -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org