On Mon, Jan 12, 2026 at 04:16:55PM +0100, Vlastimil Babka wrote:
After we submit the rcu_free sheaves to call_rcu() we need to make sure the rcu callbacks complete. kvfree_rcu_barrier() does that via flush_all_rcu_sheaves() but kvfree_rcu_barrier_on_cache() doesn't. Fix that.
Oops, my bad.
Reported-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202601121442.c530bed3-lkp@intel.com
Fixes: 0f35040de593 ("mm/slab: introduce kvfree_rcu_barrier_on_cache() for cache destruction")
Cc: stable@vger.kernel.org
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
The fix looks good to me, but I wonder why `if (s->sheaf_capacity) rcu_barrier();` in __kmem_cache_shutdown() didn't prevent the bug from happening?
mm/slab_common.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/mm/slab_common.c b/mm/slab_common.c index eed7ea556cb1..ee994ec7f251 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -2133,8 +2133,11 @@ EXPORT_SYMBOL_GPL(kvfree_rcu_barrier); */ void kvfree_rcu_barrier_on_cache(struct kmem_cache *s) {
- if (s->cpu_sheaves)
- if (s->cpu_sheaves) { flush_rcu_sheaves_on_cache(s);
rcu_barrier();- }
- /*
- TODO: Introduce a version of __kvfree_rcu_barrier() that works
- on a specific slab cache.
-- 2.52.0
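Review bot: the rcu_barrier() added inside the `if (s->cpu_sheaves)` block has no comment saying what it waits for. A line above it noting that flush_rcu_sheaves_on_cache() only submits the rcu_free sheaves to call_rcu(), and that the barrier is what makes those callbacks complete before the caller proceeds, would keep it from being dropped later as redundant. The changelog could also say why the existing `if (s->sheaf_capacity) rcu_barrier();` in __kmem_cache_shutdown() does not already cover this path, which is the question raised in the reply. The two checks test different fields (s->cpu_sheaves here, s->sheaf_capacity there), so it is worth stating whether that difference matters.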