doc: SLAB_TYPESAFE_BY_RCU uses cannot rely on spinlocks

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Because the SLAB_TYPESAFE_BY_RCU code does not zero pages that are
to be broken up into slabs, the memory returned by kmem_cache_alloc()
must be fully initialized, including any spinlocks included in the newly
allocated structure. This means that readers attempting to look up an
SLAB_TYPESAFE_BY_RCU object must use a reference-counting approach.
A spinlock may be acquired only after a reference is obtained, which
prevents that object from being passed to kmem_struct_free(), but only
while that reference continues to be held.

Signed-off-by: Paul E. McKenney <paulmck@kernel.org>

Paul E. McKenney 3 years ago 99cf0920 022d1b35

+12 -7

1 changed file

expand all

Documentation

RCU

whatisRCU.rst

+12 -7

Documentation/RCU/whatisRCU.rst

··· 915 915 The understanding that RCU provides a reference that only prevents a 916 916 change of type is particularly visible with objects allocated from a 917 917 slab cache marked ``SLAB_TYPESAFE_BY_RCU``. RCU operations may yield a 918 - reference to an object from such a cache that has been concurrently 919 - freed and the memory reallocated to a completely different object, 920 - though of the same type. In this case RCU doesn't even protect the 921 - identity of the object from changing, only its type. So the object 922 - found may not be the one expected, but it will be one where it is safe 923 - to take a reference or spinlock and then confirm that the identity 924 - matches the expectations. 918 + reference to an object from such a cache that has been concurrently freed 919 + and the memory reallocated to a completely different object, though of 920 + the same type. In this case RCU doesn't even protect the identity of the 921 + object from changing, only its type. So the object found may not be the 922 + one expected, but it will be one where it is safe to take a reference 923 + (and then potentially acquiring a spinlock), allowing subsequent code 924 + to check whether the identity matches expectations. It is tempting 925 + to simply acquire the spinlock without first taking the reference, but 926 + unfortunately any spinlock in a ``SLAB_TYPESAFE_BY_RCU`` object must be 927 + initialized after each and every call to kmem_cache_alloc(), which renders 928 + reference-free spinlock acquisition completely unsafe. Therefore, when 929 + using ``SLAB_TYPESAFE_BY_RCU``, make proper use of a reference counter. 925 930 926 931 With traditional reference counting -- such as that implemented by the 927 932 kref library in Linux -- there is typically code that runs when the last