From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=SYs/=77=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 35319C433E0
	for <linux-mm@archiver.kernel.org>; Thu, 18 Jun 2020 09:46:29 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id EFB6821D7E
	for <linux-mm@archiver.kernel.org>; Thu, 18 Jun 2020 09:46:28 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org EFB6821D7E
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=linutronix.de
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 735138D0009; Thu, 18 Jun 2020 05:46:28 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 6E5818D0001; Thu, 18 Jun 2020 05:46:28 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 5FB7B8D0009; Thu, 18 Jun 2020 05:46:28 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0024.hostedemail.com [216.40.44.24])
	by kanga.kvack.org (Postfix) with ESMTP id 43C398D0001
	for <linux-mm@kvack.org>; Thu, 18 Jun 2020 05:46:28 -0400 (EDT)
Received: from smtpin22.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay04.hostedemail.com (Postfix) with ESMTP id CC154138E5
	for <linux-mm@kvack.org>; Thu, 18 Jun 2020 09:46:27 +0000 (UTC)
X-FDA: 76941852414.22.roof40_3a060c826e0f
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin22.hostedemail.com (Postfix) with ESMTP id A185618038E60
	for <linux-mm@kvack.org>; Thu, 18 Jun 2020 09:46:27 +0000 (UTC)
X-HE-Tag: roof40_3a060c826e0f
X-Filterd-Recvd-Size: 4784
Received: from Galois.linutronix.de (Galois.linutronix.de [193.142.43.55])
	by imf42.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Thu, 18 Jun 2020 09:46:27 +0000 (UTC)
Received: from bigeasy by Galois.linutronix.de with local (Exim 4.80)
	(envelope-from <bigeasy@linutronix.de>)
	id 1jlr7n-0005K3-4D; Thu, 18 Jun 2020 11:46:23 +0200
Date: Thu, 18 Jun 2020 11:46:23 +0200
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
To: linux-mm@kvack.org
Cc: Christoph Lameter <cl@linux.com>, Pekka Enberg <penberg@kernel.org>,
	David Rientjes <rientjes@google.com>,
	Joonsoo Kim <iamjoonsoo.kim@lge.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Thomas Gleixner <tglx@linutronix.de>
Subject: [RFC] SLUB: list_slab_objects() looks like a miss-merge
Message-ID: <20200618094623.ef7wrsyrnrsfm7as@linutronix.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Queue-Id: A185618038E60
X-Spamd-Result: default: False [0.00 / 100.00]
X-Rspamd-Server: rspam04
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

Hi,

I stumbled over the following:

| static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n)
| {
=E2=80=A6
|         unsigned long *map =3D NULL;
|=20
| #ifdef CONFIG_SLUB_DEBUG
|         map =3D bitmap_alloc(oo_objects(s->max), GFP_KERNEL);
| #endif
=E2=80=A6
|                 } else {
|                         list_slab_objects(s, page,
|                           "Objects remaining in %s on __kmem_cache_shutdo=
wn()",
|                           map);
|                 }
|         }
=E2=80=A6
| #ifdef CONFIG_SLUB_DEBUG
|         bitmap_free(map);
| #endif
=E2=80=A6
| }


so map gets allocated, passed to list_slab_objects() and then freed at
end. Haven't notices where `map' is set but maybe it is just a buffer
used in list_slab_objects().
And then there is this:

| static void list_slab_objects(struct kmem_cache *s, struct page *page,
|                               const char *text, unsigned long *map)
| {
| #ifdef CONFIG_SLUB_DEBUG
|         void *addr =3D page_address(page);
|         void *p;
|=20
|         if (!map)
|                 return;

No map, return. Okay.

|         slab_err(s, page, text, s->name);
|         slab_lock(page);
|=20
|         map =3D get_map(s, page);

and here `map' gets overwritten, correct? But it gets initialized. And it a=
lso
acquires `object_map_lock'.

|         for_each_object(p, s, addr, page->objects) {
|=20
|                 if (!test_bit(slab_index(p, s, addr), map)) {
|                         pr_err("INFO: Object 0x%p @offset=3D%tu\n", p, p =
- addr);
|                         print_tracking(s, p);
|                 }
|         }

and here I would expect to unlock `object_map_lock'.

|         slab_unlock(page);
| #endif
| }  =20

Is this a miss-merge of some kind? I would revert commit
   aa456c7aebb14 ("slub: remove kmalloc under list_lock from list_slab_obje=
cts() V2")

by doing this:

diff --git a/kernel/locking/rwsem.h b/kernel/locking/rwsem.h
deleted file mode 100644
index e69de29bb2d1d..0000000000000
diff --git a/mm/slub.c b/mm/slub.c
index b8f798b50d44d..72195cafbb503 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -3766,15 +3766,13 @@ static int kmem_cache_open(struct kmem_cache *s, sl=
ab_flags_t flags)
 }
=20
 static void list_slab_objects(struct kmem_cache *s, struct page *page,
-			      const char *text, unsigned long *map)
+			      const char *text)
 {
 #ifdef CONFIG_SLUB_DEBUG
 	void *addr =3D page_address(page);
+	unsigned long *map;
 	void *p;
=20
-	if (!map)
-		return;
-
 	slab_err(s, page, text, s->name);
 	slab_lock(page);
=20
@@ -3786,6 +3784,7 @@ static void list_slab_objects(struct kmem_cache *s, s=
truct page *page,
 			print_tracking(s, p);
 		}
 	}
+	put_map(map);
 	slab_unlock(page);
 #endif
 }
@@ -3799,11 +3798,6 @@ static void free_partial(struct kmem_cache *s, struc=
t kmem_cache_node *n)
 {
 	LIST_HEAD(discard);
 	struct page *page, *h;
-	unsigned long *map =3D NULL;
-
-#ifdef CONFIG_SLUB_DEBUG
-	map =3D bitmap_alloc(oo_objects(s->max), GFP_KERNEL);
-#endif
=20
 	BUG_ON(irqs_disabled());
 	spin_lock_irq(&n->list_lock);
@@ -3813,16 +3807,11 @@ static void free_partial(struct kmem_cache *s, stru=
ct kmem_cache_node *n)
 			list_add(&page->slab_list, &discard);
 		} else {
 			list_slab_objects(s, page,
-			  "Objects remaining in %s on __kmem_cache_shutdown()",
-			  map);
+			  "Objects remaining in %s on __kmem_cache_shutdown()");
 		}
 	}
 	spin_unlock_irq(&n->list_lock);
=20
-#ifdef CONFIG_SLUB_DEBUG
-	bitmap_free(map);
-#endif
-
 	list_for_each_entry_safe(page, h, &discard, slab_list)
 		discard_slab(s, page);
 }


Is there something I'm missing? This is completely untested of course.

Sebastian