From 47920759ab097d50717691a48c9e8815fa60a605 Mon Sep 17 00:00:00 2001 From: Steven Rostedt Date: Tue, 11 Oct 2011 23:56:23 -0400 Subject: [091/254] slab: Fix __do_drain to use the right array cache The array cache in __do_drain() was using the cpu_cache_get() function which uses smp_processor_id() to get the proper array. On mainline, this is fine as __do_drain() is called by for_each_cpu() which runs __do_drain() on the CPU it is processing. In RT locks are used instead and __do_drain() is only called from a single CPU. This can cause the accounting to be off and trigger the following bug: slab error in kmem_cache_destroy(): cache `nfs_write_data': Can't free all objects Pid: 2905, comm: rmmod Not tainted 3.0.6-test-rt17+ #78 Call Trace: [] kmem_cache_destroy+0xa0/0xdf [] nfs_destroy_writepagecache+0x49/0x4e [nfs] [] exit_nfs_fs+0xe/0x46 [nfs] [] sys_delete_module+0x1ba/0x22c [] ? audit_syscall_entry+0x11c/0x148 [] system_call_fastpath+0x16/0x1b This can be easily triggered by a simple while loop: # while :; do modprobe nfs; rmmod nfs; done The proper function to use is cpu_cache_get_on_cpu(). It works for both RT and non-RT as the non-RT passes in smp_processor_id() into __do_drain(). Signed-off-by: Steven Rostedt Cc: Luis Claudio R. Goncalves Cc: Clark Williams Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1318391783.13262.11.camel@gandalf.stny.rr.com Signed-off-by: Thomas Gleixner --- mm/slab.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/slab.c b/mm/slab.c index dc84364..341748b 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -2638,7 +2638,7 @@ static void __do_drain(void *arg, unsigned int cpu) struct array_cache *ac; int node = cpu_to_mem(cpu); - ac = cpu_cache_get(cachep); + ac = cpu_cache_get_on_cpu(cachep, cpu); spin_lock(&cachep->nodelists[node]->list_lock); free_block(cachep, ac->entry, ac->avail, node); spin_unlock(&cachep->nodelists[node]->list_lock);