On Fri, 7 Jul 2017 10:34:08 +0200 Alexander Potapenko <gli...@google.com> wrote:
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -3389,8 +3389,8 @@ static int init_kmem_cache_nodes(struct kmem_cache *s)
>  			return 0;
>  		}
>  
> -		s->node[node] = n;
>  		init_kmem_cache_node(n);
> +		s->node[node] = n;
>  	}
>  	return 1;
>  }

If this matters then I have bad feelings about free_kmem_cache_nodes():

static void free_kmem_cache_nodes(struct kmem_cache *s)
{
	int node;
	struct kmem_cache_node *n;

	for_each_kmem_cache_node(s, node, n) {
		kmem_cache_free(kmem_cache_node, n);
		s->node[node] = NULL;
	}
}

Inviting a use-after-free?  I guess not, as there should be no way to look up these items at this stage.

Could the slab maintainers please take a look at these and also have a think about Alexander's READ_ONCE/WRITE_ONCE question?
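Review bot: the reordering in the init_kmem_cache_nodes() hunk only matters if some other context can read s->node[node] while this loop is still running, and if that is the case a plain store after init_kmem_cache_node(n) is not by itself enough to guarantee the reader sees an initialized node; this is the same concern as the READ_ONCE/WRITE_ONCE question raised in the thread, so the change should say which concurrent reader it is protecting against and whether the store and its readers need annotated accesses. The same question applies to the store of NULL in free_kmem_cache_nodes() quoted above: if no lookup is possible at that stage, a short comment saying so would make the ordering intent explicit.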