[PATCH] mm/slab_common: use WARN() if cache still has objects on destroy

[PATCH] mm/slab_common: use WARN() if cache still has objects on destroy

[Marco Elver]

Calling kmem_cache_destroy() while the cache still has objects allocated
is a kernel bug, and will usually result in the entire cache being
leaked. While the message in kmem_cache_destroy() resembles a warning,
it is currently not implemented using a real WARN().

This is problematic for infrastructure testing the kernel, all of which
rely on the specific format of WARN()s to pick up on bugs.

Some 13 years ago this used to be a simple WARN_ON() in slub, but
d629d8195793 ("slub: improve kmem_cache_destroy() error message")
changed it into an open-coded warning to avoid confusion with a bug in
slub itself.

Instead, turn the open-coded warning into a real WARN() with the message
preserved, so that test systems can actually identify these issues, and
we get all the other benefits of using a normal WARN(). The warning
message is extended with "when called from <caller-ip>" to make it even
clearer where the fault lies.

For most configurations this is only a cosmetic change, however, note
that WARN() here will now also respect panic_on_warn.

Signed-off-by: Marco Elver <elver@google.com>
---
 mm/slab_common.c | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/mm/slab_common.c b/mm/slab_common.c
index ec2bb0beed75..0155a3042203 100644
--- a/mm/slab_common.c
+++ b/mm/slab_common.c
@@ -497,8 +497,6 @@ void slab_kmem_cache_release(struct kmem_cache *s)
 
 void kmem_cache_destroy(struct kmem_cache *s)
 {
-	int err;
-
 	if (unlikely(!s))
 		return;
 
@@ -509,12 +507,9 @@ void kmem_cache_destroy(struct kmem_cache *s)
 	if (s->refcount)
 		goto out_unlock;
 
-	err = shutdown_cache(s);
-	if (err) {
-		pr_err("%s %s: Slab cache still has objects\n",
-		       __func__, s->name);
-		dump_stack();
-	}
+	WARN(shutdown_cache(s),
+	     "%s %s: Slab cache still has objects when called from %pS",
+	     __func__, s->name, (void *)_RET_IP_);
 out_unlock:
 	mutex_unlock(&slab_mutex);
 	cpus_read_unlock();
-- 
2.33.1.1089.g2158813163f-goog

Re: [PATCH] mm/slab_common: use WARN() if cache still has objects on destroy

[Vlastimil Babka]

On 11/2/21 18:07, Marco Elver wrote:
> Calling kmem_cache_destroy() while the cache still has objects allocated
> is a kernel bug, and will usually result in the entire cache being
> leaked. While the message in kmem_cache_destroy() resembles a warning,
> it is currently not implemented using a real WARN().
> 
> This is problematic for infrastructure testing the kernel, all of which
> rely on the specific format of WARN()s to pick up on bugs.
> 
> Some 13 years ago this used to be a simple WARN_ON() in slub, but
> d629d8195793 ("slub: improve kmem_cache_destroy() error message")
> changed it into an open-coded warning to avoid confusion with a bug in
> slub itself.
> 
> Instead, turn the open-coded warning into a real WARN() with the message
> preserved, so that test systems can actually identify these issues, and
> we get all the other benefits of using a normal WARN(). The warning
> message is extended with "when called from <caller-ip>" to make it even
> clearer where the fault lies.
> 
> For most configurations this is only a cosmetic change, however, note
> that WARN() here will now also respect panic_on_warn.
> 
> Signed-off-by: Marco Elver <elver@google.com>

Makes sense.

Reviewed-by: Vlastimil Babka <vbabka@suse.cz>

> ---
>  mm/slab_common.c | 11 +++--------
>  1 file changed, 3 insertions(+), 8 deletions(-)
> 
> diff --git a/mm/slab_common.c b/mm/slab_common.c
> index ec2bb0beed75..0155a3042203 100644
> --- a/mm/slab_common.c
> +++ b/mm/slab_common.c
> @@ -497,8 +497,6 @@ void slab_kmem_cache_release(struct kmem_cache *s)
>  
>  void kmem_cache_destroy(struct kmem_cache *s)
>  {
> -	int err;
> -
>  	if (unlikely(!s))
>  		return;
>  
> @@ -509,12 +507,9 @@ void kmem_cache_destroy(struct kmem_cache *s)
>  	if (s->refcount)
>  		goto out_unlock;
>  
> -	err = shutdown_cache(s);
> -	if (err) {
> -		pr_err("%s %s: Slab cache still has objects\n",
> -		       __func__, s->name);
> -		dump_stack();
> -	}
> +	WARN(shutdown_cache(s),
> +	     "%s %s: Slab cache still has objects when called from %pS",
> +	     __func__, s->name, (void *)_RET_IP_);
>  out_unlock:
>  	mutex_unlock(&slab_mutex);
>  	cpus_read_unlock();
> 

Re: [PATCH] mm/slab_common: use WARN() if cache still has objects on destroy

[David Rientjes]

On Tue, 2 Nov 2021, Marco Elver wrote:

> Calling kmem_cache_destroy() while the cache still has objects allocated
> is a kernel bug, and will usually result in the entire cache being
> leaked. While the message in kmem_cache_destroy() resembles a warning,
> it is currently not implemented using a real WARN().
> 
> This is problematic for infrastructure testing the kernel, all of which
> rely on the specific format of WARN()s to pick up on bugs.
> 
> Some 13 years ago this used to be a simple WARN_ON() in slub, but
> d629d8195793 ("slub: improve kmem_cache_destroy() error message")
> changed it into an open-coded warning to avoid confusion with a bug in
> slub itself.
> 
> Instead, turn the open-coded warning into a real WARN() with the message
> preserved, so that test systems can actually identify these issues, and
> we get all the other benefits of using a normal WARN(). The warning
> message is extended with "when called from <caller-ip>" to make it even
> clearer where the fault lies.
> 
> For most configurations this is only a cosmetic change, however, note
> that WARN() here will now also respect panic_on_warn.
> 
> Signed-off-by: Marco Elver <elver@google.com>

Acked-by: David Rientjes <rientjes@google.com>

Thanks Marco!