From 89b01913dc73d7c4b8440b1396909ccb7ec8c4b4 Mon Sep 17 00:00:00 2001 From: Alexander Aring Date: Thu, 13 Jun 2024 13:06:40 -0400 Subject: dlm: add rcu_barrier before destroy kmem cache In the case we trigger dlm_free_rsb() that does a call_rcu() and the responding kfree() of res_lvbptr and a kmem_cache_free() of the rsb pointer we need to wait until this pending operation is done before calling kmem_cache_destroy(). We doing that by using rcu_barrier() that waits until all pending call_rcu() are done. This avoids that kmem_cache_destroy() complains about active objects around that are not being freed yet by call_rcu(). There is currently more discussions about to make this behaviour better, see: https://lore.kernel.org/netdev/20240609082726.32742-1-Julia.Lawall@inria.fr/ However this is only for call_rcu() if the callback calls kmem_cache_destroy() only to replace it by kfree_rcu() call which has currently some issue. This isn't our case because we also free the res_lvbptr if being set. For our case, to avoid the above race rcu_barrier() should be used before calling kmem_cache_destroy() to be sure that there are no active objects around. This is exactly what net/batman-adv is also doing before calling their kmem_cache_destroy() in module unloading. Fixes: 01fdeca1cc2d ("dlm: use rcu to avoid an extra rsb struct lookup") Signed-off-by: Alexander Aring Signed-off-by: David Teigland --- fs/dlm/memory.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/dlm/memory.c b/fs/dlm/memory.c index 105a79978706..8c44b954c166 100644 --- a/fs/dlm/memory.c +++ b/fs/dlm/memory.c @@ -72,6 +72,8 @@ out: void dlm_memory_exit(void) { + rcu_barrier(); + kmem_cache_destroy(writequeue_cache); kmem_cache_destroy(mhandle_cache); kmem_cache_destroy(msg_cache); -- cgit