From syzbot+list782da1462944fe92dbc9 at syzkaller.appspotmail.com Mon Jun 3 07:52:28 2024
From: syzbot+list782da1462944fe92dbc9 at syzkaller.appspotmail.com (syzbot)
Date: Mon, 03 Jun 2024 00:52:28 -0700
Subject: [syzbot] Monthly wireguard report (Jun 2024)
Message-ID: <00000000000065d96e0619f79dff@google.com>

Hello wireguard maintainers/developers,

This is a 31-day syzbot report for the wireguard subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/wireguard

During the period, 4 new issues were detected and 0 were fixed.
In total, 9 issues are still open and 16 have been fixed so far.

Some of the still happening issues:

Ref  Crashes  Repro  Title
<1>  972      No     KCSAN: data-race in wg_packet_send_staged_packets / wg_packet_send_staged_packets (3)
                     https://syzkaller.appspot.com/bug?extid=6ba34f16b98fe40daef1
<2>  63       No     INFO: task hung in wg_destruct
                     https://syzkaller.appspot.com/bug?extid=a6bdd2d02402f18fdd5e
<3>  48       No     INFO: task hung in wg_netns_pre_exit (4)
                     https://syzkaller.appspot.com/bug?extid=1d5c9cd5bcdce13e618e
<4>  4        No     WARNING in kthread_unpark (2)
                     https://syzkaller.appspot.com/bug?extid=943d34fa3cf2191e3068
<5>  1        No     WARNING: locking bug in wg_packet_encrypt_worker
                     https://syzkaller.appspot.com/bug?extid=f19160c19b77d76b5bc2
<6>  1        No     general protection fault in wg_packet_receive
                     https://syzkaller.appspot.com/bug?extid=470d70be7e9ee9f22a01

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller at googlegroups.com.

To disable reminders for individual bugs, reply with the following command:
#syz set no-reminders

To change bug's subsystems, reply with:
#syz set subsystems: new-subsystem

You may send multiple commands in a single email message.

From syzbot+9f1d21c20c7306ca9417 at syzkaller.appspotmail.com Tue Jun 4 19:56:29 2024
From: syzbot+9f1d21c20c7306ca9417 at syzkaller.appspotmail.com (syzbot)
Date: Tue, 04 Jun 2024 12:56:29 -0700
Subject: [syzbot] [wireguard?] WARNING: locking bug in wg_packet_decrypt_worker
Message-ID: <00000000000089d850061a15d886@google.com>

Hello,

syzbot found the following issue on:

HEAD commit:    83814698cf48 Merge tag 'powerpc-6.10-2' of git://git.kerne..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16746d3a980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=733cc7a95171d8e7
dashboard link: https://syzkaller.appspot.com/bug?extid=9f1d21c20c7306ca9417
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: i386

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-83814698.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7042fdcb685d/vmlinux-83814698.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9f795e13834f/bzImage-83814698.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9f1d21c20c7306ca9417 at syzkaller.appspotmail.com

------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(1)
WARNING: CPU: 0 PID: 10 at kernel/locking/lockdep.c:232 hlock_class kernel/locking/lockdep.c:232 [inline]
WARNING: CPU: 0 PID: 10 at kernel/locking/lockdep.c:232 hlock_class+0xfa/0x130 kernel/locking/lockdep.c:221
Modules linked in:
CPU: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.10.0-rc1-syzkaller-00304-g83814698cf48 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Workqueue: wg-crypt-wg0 wg_packet_decrypt_worker
RIP: 0010:hlock_class kernel/locking/lockdep.c:232 [inline]
RIP: 0010:hlock_class+0xfa/0x130 kernel/locking/lockdep.c:221
Code: b6 14 11 38 d0 7c 04 84 d2 75 43 8b 05 b3 39 77 0e 85 c0 75 19 90 48 c7 c6 00 bd 2c 8b 48 c7 c7 a0 b7 2c 8b e8 97 47 e5 ff 90 <0f> 0b 90 90 90 31 c0 eb 9e e8 88 f7 7f 00 e9 1c ff ff ff 48 c7 c7
RSP: 0018:ffffc900003c7a00 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000f2b RCX: ffffffff81510229
RDX: ffff888015f38000 RSI: ffffffff81510236 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 000000002d2d2d2d R12: 0000000000000000
R13: 0000000000000000 R14: ffff888015f38b30 R15: 0000000000000f2b
FS:  0000000000000000(0000) GS:ffff88802c000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000f743fb94 CR3: 000000005ff86000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 check_wait_context kernel/locking/lockdep.c:4773 [inline]
 __lock_acquire+0x3f2/0x3b30 kernel/locking/lockdep.c:5087
 lock_acquire kernel/locking/lockdep.c:5754 [inline]
 lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
 _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
 spin_lock_bh include/linux/spinlock.h:356 [inline]
 ptr_ring_consume_bh include/linux/ptr_ring.h:365 [inline]
 wg_packet_decrypt_worker+0x2aa/0x530 drivers/net/wireguard/receive.c:499
 process_one_work+0x958/0x1ad0 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller at googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup
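For context: the warning above fires inside ptr_ring_consume_bh(), which
takes the ring's consumer lock with spin_lock_bh(). A minimal sketch of the
consume pattern the trace passes through, assuming a ring populated
elsewhere; the function name and the use of skbs here are illustrative, not
taken from drivers/net/wireguard/receive.c:

#include <linux/ptr_ring.h>
#include <linux/skbuff.h>

/* Drain a ptr_ring of skbs. ptr_ring_consume_bh() internally takes
 * r->consumer_lock with spin_lock_bh(), the lock that lockdep is
 * complaining about in the report above. */
static void example_drain_ring(struct ptr_ring *ring)
{
	struct sk_buff *skb;

	/* Pops one queued pointer per call, or NULL once empty. */
	while ((skb = ptr_ring_consume_bh(ring)) != NULL)
		kfree_skb(skb);
}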
From Julia.Lawall at inria.fr Sun Jun 9 08:27:12 2024
From: Julia.Lawall at inria.fr (Julia Lawall)
Date: Sun, 9 Jun 2024 10:27:12 +0200
Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback
Message-ID: <20240609082726.32742-1-Julia.Lawall@inria.fr>

Since SLOB was removed, it is not necessary to use call_rcu
when the callback only performs kmem_cache_free. Use
kfree_rcu() directly.

The changes were done using the following Coccinelle semantic patch.
This semantic patch is designed to ignore cases where the callback
function is used in another way.

//
@r@
expression e;
local idexpression e2;
identifier cb,f;
position p;
@@

(
call_rcu(...,e2)
|
call_rcu(&e->f,cb@p)
)

@r1@
type T;
identifier x,r.cb;
@@

cb(...) {
(
  kmem_cache_free(...);
|
  T x = ...;
  kmem_cache_free(...,x);
|
  T x;
  x = ...;
  kmem_cache_free(...,x);
)
}

@s depends on r1@
position p != r.p;
identifier r.cb;
@@

cb@p

@script:ocaml@
cb << r.cb;
p << s.p;
@@

Printf.eprintf "Other use of %s at %s:%d\n" cb (List.hd p).file (List.hd p).line

@depends on r1 && !s@
expression e;
identifier r.cb,f;
position r.p;
@@

- call_rcu(&e->f,cb@p)
+ kfree_rcu(e,f)

@r1a depends on !s@
type T;
identifier x,r.cb;
@@

- cb(...) {
(
-   kmem_cache_free(...);
|
-   T x = ...;
-   kmem_cache_free(...,x);
|
-   T x;
-   x = ...;
-   kmem_cache_free(...,x);
)
- }
//

Signed-off-by: Julia Lawall
Reviewed-by: Paul E. McKenney
Reviewed-by: Vlastimil Babka

---
 arch/powerpc/kvm/book3s_mmu_hpte.c  |  8 +-------
 block/blk-ioc.c                     |  9 +--------
 drivers/net/wireguard/allowedips.c  |  9 ++-------
 fs/ecryptfs/dentry.c                |  8 +-------
 fs/nfsd/nfs4state.c                 |  9 +--------
 fs/tracefs/inode.c                  | 10 +---------
 kernel/time/posix-timers.c          |  9 +--------
 kernel/workqueue.c                  |  8 +-------
 net/bridge/br_fdb.c                 |  9 +--------
 net/can/gw.c                        | 13 +++----------
 net/ipv4/fib_trie.c                 |  8 +-------
 net/ipv4/inetpeer.c                 |  9 ++-------
 net/ipv6/ip6_fib.c                  |  9 +--------
 net/ipv6/xfrm6_tunnel.c             |  8 +-------
 net/kcm/kcmsock.c                   | 10 +---------
 net/netfilter/nf_conncount.c        | 10 +---------
 net/netfilter/nf_conntrack_expect.c | 10 +---------
 net/netfilter/xt_hashlimit.c        |  9 +--------
 18 files changed, 22 insertions(+), 143 deletions(-)
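In C terms, the transformation this semantic patch performs has the
following generic shape; the struct and function names below are
illustrative stand-ins, not code from any of the touched files. The one
structural requirement is that the object embeds its struct rcu_head,
since kfree_rcu() frees the whole object through that field's offset:

#include <linux/rcupdate.h>
#include <linux/slab.h>

static struct kmem_cache *foo_cache;	/* created elsewhere */

struct foo {
	long data;
	struct rcu_head rcu;
};

/* Before: a callback whose only job is to free the object. */
static void foo_free_rcu(struct rcu_head *rcu)
{
	kmem_cache_free(foo_cache, container_of(rcu, struct foo, rcu));
}

static void foo_release_before(struct foo *f)
{
	call_rcu(&f->rcu, foo_free_rcu);
}

/* After: no callback at all; the grace-period machinery frees the
 * object. The kfree() this ends up doing is legal on kmem_cache
 * allocated objects since SLOB's removal, which is the premise of
 * the whole series. */
static void foo_release_after(struct foo *f)
{
	kfree_rcu(f, rcu);
}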
From Julia.Lawall at inria.fr Sun Jun 9 08:27:13 2024
From: Julia.Lawall at inria.fr (Julia Lawall)
Date: Sun, 9 Jun 2024 10:27:13 +0200
Subject: [PATCH 01/14] wireguard: allowedips: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
In-Reply-To: <20240609082726.32742-1-Julia.Lawall@inria.fr>
References: <20240609082726.32742-1-Julia.Lawall@inria.fr>
Message-ID: <20240609082726.32742-2-Julia.Lawall@inria.fr>

Since SLOB was removed, it is not necessary to use call_rcu
when the callback only performs kmem_cache_free. Use
kfree_rcu() directly.

The changes were done using the following Coccinelle semantic patch.
This semantic patch is designed to ignore cases where the callback
function is used in another way.

//
@r@
expression e;
local idexpression e2;
identifier cb,f;
position p;
@@

(
call_rcu(...,e2)
|
call_rcu(&e->f,cb@p)
)

@r1@
type T;
identifier x,r.cb;
@@

cb(...) {
(
  kmem_cache_free(...);
|
  T x = ...;
  kmem_cache_free(...,x);
|
  T x;
  x = ...;
  kmem_cache_free(...,x);
)
}

@s depends on r1@
position p != r.p;
identifier r.cb;
@@

cb@p

@script:ocaml@
cb << r.cb;
p << s.p;
@@

Printf.eprintf "Other use of %s at %s:%d\n" cb (List.hd p).file (List.hd p).line

@depends on r1 && !s@
expression e;
identifier r.cb,f;
position r.p;
@@

- call_rcu(&e->f,cb@p)
+ kfree_rcu(e,f)

@r1a depends on !s@
type T;
identifier x,r.cb;
@@

- cb(...) {
(
-   kmem_cache_free(...);
|
-   T x = ...;
-   kmem_cache_free(...,x);
|
-   T x;
-   x = ...;
-   kmem_cache_free(...,x);
)
- }
//

Signed-off-by: Julia Lawall
Reviewed-by: Paul E. McKenney
Reviewed-by: Vlastimil Babka

---
 drivers/net/wireguard/allowedips.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/drivers/net/wireguard/allowedips.c b/drivers/net/wireguard/allowedips.c
index 0ba714ca5185..e4e1638fce1b 100644
--- a/drivers/net/wireguard/allowedips.c
+++ b/drivers/net/wireguard/allowedips.c
@@ -48,11 +48,6 @@ static void push_rcu(struct allowedips_node **stack,
 	}
 }
 
-static void node_free_rcu(struct rcu_head *rcu)
-{
-	kmem_cache_free(node_cache, container_of(rcu, struct allowedips_node, rcu));
-}
-
 static void root_free_rcu(struct rcu_head *rcu)
 {
 	struct allowedips_node *node, *stack[MAX_ALLOWEDIPS_DEPTH] = {
@@ -330,13 +325,13 @@ void wg_allowedips_remove_by_peer(struct allowedips *table,
 		child = rcu_dereference_protected(
 				parent->bit[!(node->parent_bit_packed & 1)],
 				lockdep_is_held(lock));
-		call_rcu(&node->rcu, node_free_rcu);
+		kfree_rcu(node, rcu);
 		if (!free_parent)
 			continue;
 		if (child)
 			child->parent_bit_packed = parent->parent_bit_packed;
 		*(struct allowedips_node **)(parent->parent_bit_packed & ~3UL) = child;
-		call_rcu(&parent->rcu, node_free_rcu);
+		kfree_rcu(parent, rcu);
 	}
 }

From Jason at zx2c4.com Sun Jun 9 14:32:06 2024
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Sun, 9 Jun 2024 16:32:06 +0200
Subject: [PATCH 01/14] wireguard: allowedips: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
In-Reply-To: <20240609082726.32742-2-Julia.Lawall@inria.fr>
References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240609082726.32742-2-Julia.Lawall@inria.fr>
Message-ID:

Hi Julia & Vlastimil,

On Sun, Jun 09, 2024 at 10:27:13AM +0200, Julia Lawall wrote:
> Since SLOB was removed, it is not necessary to use call_rcu
> when the callback only performs kmem_cache_free. Use
> kfree_rcu() directly.

Thanks, I applied this to the wireguard tree, and I'll send this out as
a fix for 6.10. Let me know if this is unfavorable to you and if you'd
like to take this somewhere yourself, in which case I'll give you my
ack.

Just a question, though, for Vlastimil -- I know that with the SLOB
removal, kfree() is now allowed on kmemcache'd objects. Do you plan to
do a blanket s/kmem_cache_free/kfree/g at some point, and then remove
kmem_cache_free altogether?

Jason

From julia.lawall at inria.fr Sun Jun 9 14:36:15 2024
From: julia.lawall at inria.fr (Julia Lawall)
Date: Sun, 9 Jun 2024 16:36:15 +0200 (CEST)
Subject: [PATCH 01/14] wireguard: allowedips: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
In-Reply-To:
References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240609082726.32742-2-Julia.Lawall@inria.fr>
Message-ID:

On Sun, 9 Jun 2024, Jason A. Donenfeld wrote:

> Hi Julia & Vlastimil,
>
> On Sun, Jun 09, 2024 at 10:27:13AM +0200, Julia Lawall wrote:
> > Since SLOB was removed, it is not necessary to use call_rcu
> > when the callback only performs kmem_cache_free. Use
> > kfree_rcu() directly.
>
> Thanks, I applied this to the wireguard tree, and I'll send this out as
> a fix for 6.10. Let me know if this is unfavorable to you and if you'd
> like to take this somewhere yourself, in which case I'll give you my
> ack.

Please push it onward.

julia

> Just a question, though, for Vlastimil -- I know that with the SLOB
> removal, kfree() is now allowed on kmemcache'd objects. Do you plan to
> do a blanket s/kmem_cache_free/kfree/g at some point, and then remove
> kmem_cache_free altogether?
>
> Jason

From nico.schottelius at ungleich.ch Sun Jun 9 15:39:46 2024
From: nico.schottelius at ungleich.ch (Nico Schottelius)
Date: Sun, 09 Jun 2024 17:39:46 +0200
Subject: Wireguard address binding - how to fix?
In-Reply-To: <87bk4tc5m7.fsf@ungleich.ch> (Nico Schottelius's message of "Sun, 26 May 2024 10:57:52 +0200")
References: <87le4cfz0u.fsf@ungleich.ch> <20240514113648.neaj6kfazx4fi7af@House.clients.dxld.at> <87msojhbq0.fsf@ungleich.ch> <87a5kjgw3j.fsf@ungleich.ch> <874jarfd43.fsf@ungleich.ch> <87bk4tc5m7.fsf@ungleich.ch>
Message-ID: <87tti2xgzh.fsf@ungleich.ch>

Jason,

may I shortly ask what your opinion is on the patch and whether there is
a way forward to make wireguard usable on systems with multiple IP
addresses?

Best regards,

Nico

Nico Schottelius writes:

> d tbsky writes:
>> I remembered how exciting when I tested wireguard at 2017. until I
>> asked the multi-home question in the list.
>> wireguard is beautiful, elegant, fast but not easy to get along with.
>> openvpn is not so amazing but it can get the job done.
>
> Nice summary, hits the nail quite well.
>
> Jason, do you mind having a look at the submitted patches for IP address
> binding and comment on them? Or alternatively can you give green light
> for generally moving forward so that a direct inclusion in the Linux
> kernel would be accepted?
>
> Best regards,
>
> Nico

-------------- next part --------------
--
Sustainable and modern Infrastructures by ungleich.ch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 873 bytes
Desc: not available
URL:

From vbabka at suse.cz Mon Jun 10 20:38:08 2024
From: vbabka at suse.cz (Vlastimil Babka)
Date: Mon, 10 Jun 2024 22:38:08 +0200
Subject: [PATCH 01/14] wireguard: allowedips: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
In-Reply-To:
References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240609082726.32742-2-Julia.Lawall@inria.fr>
Message-ID: <3f58c9a6-614f-4188-9a38-72c26fb42c8e@suse.cz>

On 6/9/24 4:32 PM, Jason A. Donenfeld wrote:
> Hi Julia & Vlastimil,
>
> On Sun, Jun 09, 2024 at 10:27:13AM +0200, Julia Lawall wrote:
>> Since SLOB was removed, it is not necessary to use call_rcu
>> when the callback only performs kmem_cache_free. Use
>> kfree_rcu() directly.
>
> Thanks, I applied this to the wireguard tree, and I'll send this out as
> a fix for 6.10. Let me know if this is unfavorable to you and if you'd
> like to take this somewhere yourself, in which case I'll give you my
> ack.
>
> Just a question, though, for Vlastimil -- I know that with the SLOB
> removal, kfree() is now allowed on kmemcache'd objects. Do you plan to
> do a blanket s/kmem_cache_free/kfree/g at some point, and then remove
> kmem_cache_free altogether?

Hmm, not really, but obligatory Cc for willy who'd love to have "one
free() to rule them all" IIRC.
My current thinking is that kmem_cache_free() can save the kmem_cache
lookup, or serve as a double check if debugging is enabled, and doesn't
have much downside. If someone wants to not care about the kmem_cache
pointer, they can use kfree(), and even convert their subsystem at will.
But a mass conversion of everything would be rather a lot of churn for
not much of a benefit, IMHO.

From Jason at zx2c4.com Mon Jun 10 20:59:07 2024
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Mon, 10 Jun 2024 22:59:07 +0200
Subject: [PATCH 01/14] wireguard: allowedips: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
In-Reply-To: <3f58c9a6-614f-4188-9a38-72c26fb42c8e@suse.cz>
References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240609082726.32742-2-Julia.Lawall@inria.fr> <3f58c9a6-614f-4188-9a38-72c26fb42c8e@suse.cz>
Message-ID:

Hi Vlastimil,

On Mon, Jun 10, 2024 at 10:38:08PM +0200, Vlastimil Babka wrote:
> On 6/9/24 4:32 PM, Jason A. Donenfeld wrote:
> > Hi Julia & Vlastimil,
> >
> > On Sun, Jun 09, 2024 at 10:27:13AM +0200, Julia Lawall wrote:
> >> Since SLOB was removed, it is not necessary to use call_rcu
> >> when the callback only performs kmem_cache_free. Use
> >> kfree_rcu() directly.
> >
> > Thanks, I applied this to the wireguard tree, and I'll send this out as
> > a fix for 6.10. Let me know if this is unfavorable to you and if you'd
> > like to take this somewhere yourself, in which case I'll give you my
> > ack.
> >
> > Just a question, though, for Vlastimil -- I know that with the SLOB
> > removal, kfree() is now allowed on kmemcache'd objects. Do you plan to
> > do a blanket s/kmem_cache_free/kfree/g at some point, and then remove
> > kmem_cache_free altogether?
>
> Hmm, not really, but obligatory Cc for willy who'd love to have "one
> free() to rule them all" IIRC.
>
> My current thinking is that kmem_cache_free() can save the kmem_cache
> lookup, or serve as a double check if debugging is enabled, and doesn't
> have much downside. If someone wants to not care about the kmem_cache
> pointer, they can use kfree(), and even convert their subsystem at will.
> But a mass conversion of everything would be rather a lot of churn for
> not much of a benefit, IMHO.

Huh, interesting. I can see the practical sense in that, not causing
unnecessary churn and such. At the same time, this doesn't appeal much
to some sort of orderly part of my mind. Either all kmalloc/kmem_cache
memory is kfree()d as the rule for what is best, or a kmalloc pairs with
a kfree and a kmem_cache_alloc pairs with a kmem_cache_free and that's
the rule. And those can be checked and enforced and so forth. But
saying, "oh, well, they might work a bit different, but whatever you
want is basically fine; there's no rhyme or reason" is somehow
dissatisfying. Maybe the rule is actually, "use kmem_cache_free if you
can because it saves a pointer lookup, but don't go out of your way to
do that and certainly don't bloat .text to make it happen," then maybe
that makes sense? But I dunno, I find myself wanting a rule and
consistency. (Did you find it annoying that in this paragraph, I used ()
on only one function mention but not on the others? If so, maybe you're
like me.) Maybe I should just chill though.

Anyway, only my 2¢, and my opinion here isn't worth much, so please
regard this as only a gut statement from a bystander.

Jason
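For readers following along, the two pairings being debated look like
this; foo_cache and struct foo are illustrative stand-ins, a sketch
rather than code from any subsystem in the series:

#include <linux/slab.h>

struct foo {
	long data;
};

static struct kmem_cache *foo_cache;	/* from kmem_cache_create() elsewhere */

static void foo_demo(void)
{
	struct foo *f = kmem_cache_alloc(foo_cache, GFP_KERNEL);

	if (!f)
		return;

	/* Strict pairing: no cache lookup needed, and with debugging
	 * enabled the slab code can verify f really belongs to
	 * foo_cache. */
	kmem_cache_free(foo_cache, f);

	/* Equally legal since SLOB's removal: kfree(f); the allocator
	 * derives the owning cache from the object's slab page. */
}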
From germano.massullo at gmail.com Wed Jun 12 14:11:00 2024
From: germano.massullo at gmail.com (Germano Massullo)
Date: Wed, 12 Jun 2024 16:11:00 +0200
Subject: Mini PCIE HW accelerator for ChaCha20
Message-ID:

Hello, I would like to ask if you are aware of any mini PCI express card
that provides hardware acceleration for the ChaCha20 algorithm. I would
need it to improve Turris Omnia Wireguard throughput.
Cheers!

From kuba at kernel.org Wed Jun 12 21:33:05 2024
From: kuba at kernel.org (Jakub Kicinski)
Date: Wed, 12 Jun 2024 14:33:05 -0700
Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback
In-Reply-To: <20240609082726.32742-1-Julia.Lawall@inria.fr>
References: <20240609082726.32742-1-Julia.Lawall@inria.fr>
Message-ID: <20240612143305.451abf58@kernel.org>

On Sun, 9 Jun 2024 10:27:12 +0200 Julia Lawall wrote:
> Since SLOB was removed, it is not necessary to use call_rcu
> when the callback only performs kmem_cache_free. Use
> kfree_rcu() directly.
>
> The changes were done using the following Coccinelle semantic patch.
> This semantic patch is designed to ignore cases where the callback
> function is used in another way.

How does the discussion on:
[PATCH] Revert "batman-adv: prefer kfree_rcu() over call_rcu() with free-only callbacks"
https://lore.kernel.org/all/20240612133357.2596-1-linus.luessing at c0d3.blue/
reflect on this series? IIUC we should hold off..

From paulmck at kernel.org Wed Jun 12 22:37:55 2024
From: paulmck at kernel.org (Paul E. McKenney)
Date: Wed, 12 Jun 2024 15:37:55 -0700
Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback
In-Reply-To: <20240612143305.451abf58@kernel.org>
References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org>
Message-ID:

On Wed, Jun 12, 2024 at 02:33:05PM -0700, Jakub Kicinski wrote:
> On Sun, 9 Jun 2024 10:27:12 +0200 Julia Lawall wrote:
> > Since SLOB was removed, it is not necessary to use call_rcu
> > when the callback only performs kmem_cache_free. Use
> > kfree_rcu() directly.
> >
> > The changes were done using the following Coccinelle semantic patch.
> > This semantic patch is designed to ignore cases where the callback
> > function is used in another way.
>
> How does the discussion on:
> [PATCH] Revert "batman-adv: prefer kfree_rcu() over call_rcu() with free-only callbacks"
> https://lore.kernel.org/all/20240612133357.2596-1-linus.luessing at c0d3.blue/
> reflect on this series? IIUC we should hold off..

We do need to hold off for the ones in kernel modules (such as 07/14)
where the kmem_cache is destroyed during module unload.

OK, I might as well go through them...

[PATCH 01/14] wireguard: allowedips: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
	Needs to wait, see wg_allowedips_slab_uninit().

[PATCH 02/14] net: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
	I don't immediately see the rcu_barrier(), but if there isn't
	one in there somewhere there probably should be. Caution
	suggests a need to wait.

[PATCH 03/14] KVM: PPC: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
	I don't immediately see the rcu_barrier(), but if there isn't
	one in there somewhere there probably should be. Caution
	suggests a need to wait.

[PATCH 04/14] xfrm6_tunnel: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
	Needs to wait, see xfrm6_tunnel_fini().

[PATCH 05/14] tracefs: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
	This one is fine because the tracefs_inode_cachep kmem_cache
	is created at boot and never destroyed.

[PATCH 06/14] eCryptfs: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
	I don't see a kmem_cache_destroy(), but then again, I also
	don't see the kmem_cache_create(). Unless someone can see
	what I am not seeing, let's wait.

[PATCH 07/14] net: bridge: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
	Needs to wait, see br_fdb_fini() and br_deinit().

[PATCH 08/14] nfsd: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
	I don't immediately see the rcu_barrier(), but if there isn't
	one in there somewhere there probably should be. Caution
	suggests a need to wait.

[PATCH 09/14] block: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
	I don't see a kmem_cache_destroy(), but then again, I also
	don't see the kmem_cache_create(). Unless someone can see
	what I am not seeing, let's wait.

[PATCH 10/14] can: gw: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
	Needs to wait, see cgw_module_exit().

[PATCH 11/14] posix-timers: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
	This one is fine because the posix_timers_cache kmem_cache is
	created at boot and never destroyed.

[PATCH 12/14] workqueue: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
	This one is fine because the pwq_cache kmem_cache is created
	at boot and never destroyed.

[PATCH 13/14] kcm: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
	I don't immediately see the rcu_barrier(), but if there isn't
	one in there somewhere there probably should be. Caution
	suggests a need to wait.

[PATCH 14/14] netfilter: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
	Needs to wait, see hashlimit_mt_exit().

So 05/14, 11/14 and 12/14 are OK and can go ahead. The rest need some
help.

Apologies for my having gotten overly enthusiastic about this change!

							Thanx, Paul
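The pattern that makes these module cases "need to wait" is the module
exit contract sketched below, with illustrative "foo" names. With
call_rcu(), rcu_barrier() flushes every pending free-callback before the
cache is destroyed; the thread's point is that batched kfree_rcu()
objects are no longer ordinary call_rcu() callbacks, so rcu_barrier()
no longer provides that guarantee:

#include <linux/module.h>
#include <linux/rcupdate.h>
#include <linux/slab.h>

static struct kmem_cache *foo_cache;

struct foo {
	struct rcu_head rcu;
};

static void foo_free_rcu(struct rcu_head *rcu)
{
	kmem_cache_free(foo_cache, container_of(rcu, struct foo, rcu));
}

static void __exit foo_exit(void)
{
	/* Waits for all pending call_rcu() callbacks, including every
	 * outstanding foo_free_rcu(), so the cache is empty below. */
	rcu_barrier();
	/* Safe only because nothing is still allocated at this point. */
	kmem_cache_destroy(foo_cache);
}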
From kuba at kernel.org Wed Jun 12 22:46:15 2024
From: kuba at kernel.org (Jakub Kicinski)
Date: Wed, 12 Jun 2024 15:46:15 -0700
Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback
In-Reply-To:
References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org>
Message-ID: <20240612154615.21206fea@kernel.org>

On Wed, 12 Jun 2024 15:37:55 -0700 Paul E. McKenney wrote:
> So 05/14, 11/14 and 12/14 are OK and can go ahead. The rest need some
> help.

Thank you for the breakdown!

From paulmck at kernel.org Wed Jun 12 23:04:19 2024
From: paulmck at kernel.org (Paul E. McKenney)
Date: Wed, 12 Jun 2024 16:04:19 -0700
Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback
In-Reply-To: <7e58e73d-4173-49fe-8f05-38a3699bc2c1@kernel.dk>
References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org> <7e58e73d-4173-49fe-8f05-38a3699bc2c1@kernel.dk>
Message-ID:

On Wed, Jun 12, 2024 at 04:52:57PM -0600, Jens Axboe wrote:
> On 6/12/24 4:37 PM, Paul E. McKenney wrote:
> > [PATCH 09/14] block: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
> > 	I don't see a kmem_cache_destroy(), but then again, I also
> > 	don't see the kmem_cache_create(). Unless someone can see
> > 	what I am not seeing, let's wait.
>
> It's in that same file:
>
> blk_ioc_init()
>
> the cache itself never goes away, as the ioc code is not unloadable. So
> I think the change there should be fine.

Thank you, Jens! (And to Jakub for motivating me to go look.)

So to update the scorecard, 05/14, 09/14, 11/14 and 12/14 are OK and can
go ahead.

							Thanx, Paul

From Jason at zx2c4.com Wed Jun 12 23:31:57 2024
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Thu, 13 Jun 2024 01:31:57 +0200
Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback
In-Reply-To:
References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org>
Message-ID:

On Wed, Jun 12, 2024 at 03:37:55PM -0700, Paul E. McKenney wrote:
> On Wed, Jun 12, 2024 at 02:33:05PM -0700, Jakub Kicinski wrote:
> > On Sun, 9 Jun 2024 10:27:12 +0200 Julia Lawall wrote:
> > > Since SLOB was removed, it is not necessary to use call_rcu
> > > when the callback only performs kmem_cache_free. Use
> > > kfree_rcu() directly.
> > >
> > > The changes were done using the following Coccinelle semantic patch.
> > > This semantic patch is designed to ignore cases where the callback
> > > function is used in another way.
> >
> > How does the discussion on:
> > [PATCH] Revert "batman-adv: prefer kfree_rcu() over call_rcu() with free-only callbacks"
> > https://lore.kernel.org/all/20240612133357.2596-1-linus.luessing at c0d3.blue/
> > reflect on this series? IIUC we should hold off..
>
> We do need to hold off for the ones in kernel modules (such as 07/14)
> where the kmem_cache is destroyed during module unload.
>
> OK, I might as well go through them...
>
> [PATCH 01/14] wireguard: allowedips: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
> 	Needs to wait, see wg_allowedips_slab_uninit().

Right, this has exactly the same pattern as the batman-adv issue:

void wg_allowedips_slab_uninit(void)
{
	rcu_barrier();
	kmem_cache_destroy(node_cache);
}

I'll hold off on sending that up until this matter is resolved.

Jason

From Jason at zx2c4.com Thu Jun 13 00:31:53 2024
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Thu, 13 Jun 2024 02:31:53 +0200
Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback
In-Reply-To:
References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org>
Message-ID:

On Thu, Jun 13, 2024 at 01:31:57AM +0200, Jason A. Donenfeld wrote:
>
> Right, this has exactly the same pattern as the batman-adv issue:
>
> void wg_allowedips_slab_uninit(void)
> {
> 	rcu_barrier();
> 	kmem_cache_destroy(node_cache);
> }
>
> I'll hold off on sending that up until this matter is resolved.

BTW, I think this whole thing might be caused by:

a35d16905efc ("rcu: Add basic support for kfree_rcu() batching")

The commit message there mentions:

    There is an implication with rcu_barrier() with this patch. Since the
    kfree_rcu() calls can be batched, and may not be handed yet to the RCU
    machinery in fact, the monitor may not have even run yet to do the
    queue_rcu_work(), there seems no easy way of implementing rcu_barrier()
    to wait for those kfree_rcu()s that are already made. So this means a
    kfree_rcu() followed by an rcu_barrier() does not imply that memory will
    be freed once rcu_barrier() returns.

Before that, a kfree_rcu() used to just add a normal call_rcu() into the
list, but with the function offset < 4096 as a special marker. So the
kfree_rcu() calls would be treated alongside the other call_rcu() ones
and thus affected by rcu_barrier(). Looks like that behavior is no more
since this commit.

Rather than getting rid of the batching, which seems good for
efficiency, I wonder if the right fix to this would be adding a
`should_destroy` boolean to kmem_cache, which kmem_cache_destroy() sets
to true. And then right after it checks `if (number_of_allocations == 0)
actually_destroy()`, and likewise on each kmem_cache_free(), it could
check `if (should_destroy && number_of_allocations == 0)
actually_destroy()`. This way, the work is delayed until it's safe to do
so. This might also mitigate other lurking bugs of bad code that calls
kmem_cache_destroy() before kmem_cache_free().

Jason
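Jason's proposal, rendered as a sketch. Nothing below is existing slab
code; the struct, fields, and helpers (should_destroy, nr_allocated,
foo_actually_destroy()) are all made up for illustration:

#include <linux/atomic.h>
#include <linux/types.h>

/* Hypothetical: a cache flagged for destruction gets torn down by
 * whichever free operation returns the last outstanding object. */
struct foo_cache_state {
	bool should_destroy;	/* set by kmem_cache_destroy() */
	atomic_t nr_allocated;	/* objects currently outstanding */
};

static void foo_actually_destroy(struct foo_cache_state *s);

static void foo_cache_mark_destroy(struct foo_cache_state *s)
{
	WRITE_ONCE(s->should_destroy, true);
	/* Destroy immediately if nothing is outstanding... */
	if (atomic_read(&s->nr_allocated) == 0)
		foo_actually_destroy(s);
}

static void foo_cache_on_free(struct foo_cache_state *s)
{
	/* ...otherwise the last free completes the deferred destroy. */
	if (atomic_dec_and_test(&s->nr_allocated) &&
	    READ_ONCE(s->should_destroy))
		foo_actually_destroy(s);
}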
From paulmck at kernel.org Thu Jun 13 03:38:02 2024
From: paulmck at kernel.org (Paul E. McKenney)
Date: Wed, 12 Jun 2024 20:38:02 -0700
Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback
In-Reply-To:
References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org>
Message-ID: <08ee7eb2-8d08-4f1f-9c46-495a544b8c0e@paulmck-laptop>

On Thu, Jun 13, 2024 at 02:31:53AM +0200, Jason A. Donenfeld wrote:
> On Thu, Jun 13, 2024 at 01:31:57AM +0200, Jason A. Donenfeld wrote:
> > On Wed, Jun 12, 2024 at 03:37:55PM -0700, Paul E. McKenney wrote:
> > > On Wed, Jun 12, 2024 at 02:33:05PM -0700, Jakub Kicinski wrote:
> > > > On Sun, 9 Jun 2024 10:27:12 +0200 Julia Lawall wrote:
> > > > > Since SLOB was removed, it is not necessary to use call_rcu
> > > > > when the callback only performs kmem_cache_free. Use
> > > > > kfree_rcu() directly.
> > > > >
> > > > > The changes were done using the following Coccinelle semantic patch.
> > > > > This semantic patch is designed to ignore cases where the callback
> > > > > function is used in another way.
> > > >
> > > > How does the discussion on:
> > > > [PATCH] Revert "batman-adv: prefer kfree_rcu() over call_rcu() with free-only callbacks"
> > > > https://lore.kernel.org/all/20240612133357.2596-1-linus.luessing at c0d3.blue/
> > > > reflect on this series? IIUC we should hold off..
> > >
> > > We do need to hold off for the ones in kernel modules (such as 07/14)
> > > where the kmem_cache is destroyed during module unload.
> > >
> > > OK, I might as well go through them...
> > >
> > > [PATCH 01/14] wireguard: allowedips: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
> > > 	Needs to wait, see wg_allowedips_slab_uninit().
> >
> > Right, this has exactly the same pattern as the batman-adv issue:
> >
> > void wg_allowedips_slab_uninit(void)
> > {
> > 	rcu_barrier();
> > 	kmem_cache_destroy(node_cache);
> > }
> >
> > I'll hold off on sending that up until this matter is resolved.
>
> BTW, I think this whole thing might be caused by:
>
> a35d16905efc ("rcu: Add basic support for kfree_rcu() batching")
>
> The commit message there mentions:
>
>     There is an implication with rcu_barrier() with this patch. Since the
>     kfree_rcu() calls can be batched, and may not be handed yet to the RCU
>     machinery in fact, the monitor may not have even run yet to do the
>     queue_rcu_work(), there seems no easy way of implementing rcu_barrier()
>     to wait for those kfree_rcu()s that are already made. So this means a
>     kfree_rcu() followed by an rcu_barrier() does not imply that memory will
>     be freed once rcu_barrier() returns.
>
> Before that, a kfree_rcu() used to just add a normal call_rcu() into the
> list, but with the function offset < 4096 as a special marker. So the
> kfree_rcu() calls would be treated alongside the other call_rcu() ones
> and thus affected by rcu_barrier(). Looks like that behavior is no more
> since this commit.

You might well be right, and thank you for digging into this!

> Rather than getting rid of the batching, which seems good for
> efficiency, I wonder if the right fix to this would be adding a
> `should_destroy` boolean to kmem_cache, which kmem_cache_destroy() sets
> to true. And then right after it checks `if (number_of_allocations == 0)
> actually_destroy()`, and likewise on each kmem_cache_free(), it could
> check `if (should_destroy && number_of_allocations == 0)
> actually_destroy()`. This way, the work is delayed until it's safe to do
> so. This might also mitigate other lurking bugs of bad code that calls
> kmem_cache_destroy() before kmem_cache_free().

Here are the current options being considered, including those that
are completely brain-dead:

o	Document current state. (Must use call_rcu() if module
	destroys slab of RCU-protected objects.)

	Need to review Julia's and Uladzislau's series of patches
	that change call_rcu() of slab objects to kfree_rcu().

o	Make rcu_barrier() wait for kfree_rcu() objects. (This is
	surprisingly complex and will wait unnecessarily in some
	cases. However, it does preserve current code.)

o	Make a kfree_rcu_barrier() that waits for kfree_rcu()
	objects. (This avoids the unnecessary waits, but adds
	complexity to kfree_rcu(). This is harder than it looks,
	but could be done, for example by maintaining pairs of
	per-CPU counters and handling them in an SRCU-like fashion.
	Need some way of communicating the index, though.)

	(There might be use cases where both rcu_barrier() and
	kfree_rcu_barrier() would need to be invoked.)

	A simpler way to implement this is to scan all of the
	in-flight objects, and queue each (either separately or in
	bulk) using call_rcu(). This still has problems with
	kfree_rcu_mightsleep() under low-memory conditions, in which
	case there are a bunch of synchronize_rcu() instances waiting.
	These instances could use SRCU-like per-CPU arrays of
	counters. Or just protect the calls to synchronize_rcu() and
	the later frees with an SRCU reader, then have the other end
	call synchronize_srcu().

o	Make the current kmem_cache_destroy() asynchronously wait for
	all memory to be returned, then complete the destruction.
	(This gets rid of a valuable debugging technique because
	in normal use, it is a bug to attempt to destroy a kmem_cache
	that has objects still allocated.)
o	Make a kmem_cache_destroy_rcu() that asynchronously waits for
	all memory to be returned, then completes the destruction.
	(This raises the question of what to do if it takes a "long
	time" for the objects to be freed.)

o	Make a kmem_cache_free_barrier() that blocks until all
	objects in the specified kmem_cache have been freed.

o	Make a kmem_cache_destroy_wait() that waits for all memory to
	be returned, then does the destruction. This is equivalent to:

	kmem_cache_free_barrier(&mycache);
	kmem_cache_destroy(&mycache);

Uladzislau has started discussions on the last few of these:

https://lore.kernel.org/all/ZmnL4jkhJLIW924W at pc636/

I have also added this information to a Google Document for easier
tracking:

https://docs.google.com/document/d/1v0rcZLvvjVGejT3523W0rDy_sLFu2LWc_NR3fQItZaA/edit?usp=sharing

Other thoughts?

							Thanx, Paul

From Jason at zx2c4.com Thu Jun 13 11:58:59 2024
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Thu, 13 Jun 2024 13:58:59 +0200
Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback
In-Reply-To:
References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org>
Message-ID:

On Wed, Jun 12, 2024 at 03:37:55PM -0700, Paul E. McKenney wrote:
> On Wed, Jun 12, 2024 at 02:33:05PM -0700, Jakub Kicinski wrote:
> > On Sun, 9 Jun 2024 10:27:12 +0200 Julia Lawall wrote:
> > > Since SLOB was removed, it is not necessary to use call_rcu
> > > when the callback only performs kmem_cache_free. Use
> > > kfree_rcu() directly.
> > >
> > > The changes were done using the following Coccinelle semantic patch.
> > > This semantic patch is designed to ignore cases where the callback
> > > function is used in another way.
> >
> > How does the discussion on:
> > [PATCH] Revert "batman-adv: prefer kfree_rcu() over call_rcu() with free-only callbacks"
> > https://lore.kernel.org/all/20240612133357.2596-1-linus.luessing at c0d3.blue/
> > reflect on this series? IIUC we should hold off..
>
> We do need to hold off for the ones in kernel modules (such as 07/14)
> where the kmem_cache is destroyed during module unload.
>
> OK, I might as well go through them...
>
> [PATCH 01/14] wireguard: allowedips: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
> 	Needs to wait, see wg_allowedips_slab_uninit().

Also, notably, this patch needs additionally:

diff --git a/drivers/net/wireguard/allowedips.c b/drivers/net/wireguard/allowedips.c
index e4e1638fce1b..c95f6937c3f1 100644
--- a/drivers/net/wireguard/allowedips.c
+++ b/drivers/net/wireguard/allowedips.c
@@ -377,7 +377,6 @@ int __init wg_allowedips_slab_init(void)
 
 void wg_allowedips_slab_uninit(void)
 {
-	rcu_barrier();
 	kmem_cache_destroy(node_cache);
 }

Once kmem_cache_destroy has been fixed to be deferrable.

I assume the other patches are similar -- an rcu_barrier() can be
removed. So some manual meddling of these might be in order.

Jason
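Under two of the options above, a module teardown path might end up
looking like one of the following. Both APIs are hypothetical at this
point, sketched only from the descriptions in this thread:

/* Option A: fire-and-forget; the slab code completes the teardown
 * once the last in-flight kfree_rcu() object comes back. */
static void example_uninit_async(void)
{
	kmem_cache_destroy_rcu(node_cache);	/* hypothetical API */
}

/* Option B: block until the cache is empty, then destroy as today. */
static void example_uninit_blocking(void)
{
	kmem_cache_free_barrier(node_cache);	/* hypothetical API */
	kmem_cache_destroy(node_cache);
}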
From Jason at zx2c4.com Thu Jun 13 12:22:41 2024
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Thu, 13 Jun 2024 14:22:41 +0200
Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback
In-Reply-To: <08ee7eb2-8d08-4f1f-9c46-495a544b8c0e@paulmck-laptop>
References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org> <08ee7eb2-8d08-4f1f-9c46-495a544b8c0e@paulmck-laptop>
Message-ID:

On Wed, Jun 12, 2024 at 08:38:02PM -0700, Paul E. McKenney wrote:
> o	Make the current kmem_cache_destroy() asynchronously wait for
> 	all memory to be returned, then complete the destruction.
> 	(This gets rid of a valuable debugging technique because
> 	in normal use, it is a bug to attempt to destroy a kmem_cache
> 	that has objects still allocated.)
>
> o	Make a kmem_cache_destroy_rcu() that asynchronously waits for
> 	all memory to be returned, then completes the destruction.
> 	(This raises the question of what to do if it takes a "long
> 	time" for the objects to be freed.)

These seem like the best two options.

> o	Make a kmem_cache_free_barrier() that blocks until all
> 	objects in the specified kmem_cache have been freed.
>
> o	Make a kmem_cache_destroy_wait() that waits for all memory to
> 	be returned, then does the destruction. This is equivalent to:
>
> 	kmem_cache_free_barrier(&mycache);
> 	kmem_cache_destroy(&mycache);

These also seem fine, but I'm less keen about blocking behavior.

Though, along the ideas of kmem_cache_destroy_rcu(), you might also
consider renaming this last one to kmem_cache_destroy_rcu_wait/barrier().
This way, it's RCU focused, and you can deal directly with the question
of, "how long is too long to block/to memleak?"

Specifically what I mean is that we can still claim a memory leak has
occurred if one batched kfree_rcu freeing grace period has elapsed since
the last call to kmem_cache_destroy_rcu_wait/barrier() or
kmem_cache_destroy_rcu(). In that case, you quit blocking, or you quit
asynchronously waiting, and then you splat about a memleak like we have
now.

But then, if that mechanism generally works, we don't really need a new
function and we can just go with the first option of making
kmem_cache_destroy() asynchronously wait. It'll wait, as you described,
but then we adjust the tail of every kfree_rcu batch freeing cycle to
check if there are _still_ any old outstanding kmem_cache_destroy()
requests. If so, then we can splat and keep the old debugging info we
currently have for finding memleaks.

Jason

From paulmck at kernel.org Thu Jun 13 12:46:11 2024
From: paulmck at kernel.org (Paul E. McKenney)
Date: Thu, 13 Jun 2024 05:46:11 -0700
Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback
In-Reply-To:
References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org> <08ee7eb2-8d08-4f1f-9c46-495a544b8c0e@paulmck-laptop>
Message-ID:

On Thu, Jun 13, 2024 at 02:22:41PM +0200, Jason A. Donenfeld wrote:
> On Wed, Jun 12, 2024 at 08:38:02PM -0700, Paul E. McKenney wrote:
> > o	Make the current kmem_cache_destroy() asynchronously wait for
> > 	all memory to be returned, then complete the destruction.
> > 	(This gets rid of a valuable debugging technique because
> > 	in normal use, it is a bug to attempt to destroy a kmem_cache
> > 	that has objects still allocated.)
> >
> > o	Make a kmem_cache_destroy_rcu() that asynchronously waits for
> > 	all memory to be returned, then completes the destruction.
> > 	(This raises the question of what to do if it takes a "long
> > 	time" for the objects to be freed.)
>
> These seem like the best two options.

I like them myself, but much depends on how much violence they do to
the slab subsystem and to debuggability.

> > o	Make a kmem_cache_free_barrier() that blocks until all
> > 	objects in the specified kmem_cache have been freed.
> >
> > o	Make a kmem_cache_destroy_wait() that waits for all memory to
> > 	be returned, then does the destruction. This is equivalent to:
> >
> > 	kmem_cache_free_barrier(&mycache);
> > 	kmem_cache_destroy(&mycache);
>
> These also seem fine, but I'm less keen about blocking behavior.

One advantage of the blocking behavior is that it pinpoints memory
leaks from that slab. On the other hand, one can argue that you want
this to block during testing but to be asynchronous in production.
Borrowing someone else's hand, there are probably lots of other
arguments one can make.

> Though, along the ideas of kmem_cache_destroy_rcu(), you might also
> consider renaming this last one to kmem_cache_destroy_rcu_wait/barrier().
> This way, it's RCU focused, and you can deal directly with the question
> of, "how long is too long to block/to memleak?"

Good point!

> Specifically what I mean is that we can still claim a memory leak has
> occurred if one batched kfree_rcu freeing grace period has elapsed since
> the last call to kmem_cache_destroy_rcu_wait/barrier() or
> kmem_cache_destroy_rcu(). In that case, you quit blocking, or you quit
> asynchronously waiting, and then you splat about a memleak like we have
> now.

How about a kmem_cache_destroy_rcu() that marks that specified cache
for destruction, and then a kmem_cache_destroy_barrier() that waits?

I took the liberty of adding your name to the Google document [1] and
adding this section:

	kmem_cache_destroy_rcu/_barrier()

	The idea here is to provide an asynchronous
	kmem_cache_destroy_rcu() as described above along with a
	kmem_cache_destroy_barrier() that waits for the destruction
	of all prior kmem_cache instances previously passed to
	kmem_cache_destroy_rcu(). Alternatively, kmem_cache_destroy_rcu()
	could return a cookie that could be passed into a later call
	to kmem_cache_destroy_barrier(). This alternative has the
	advantage of isolating which kmem_cache instance is suffering
	the memory leak.

Please let me know if either liberty is in any way problematic.

> But then, if that mechanism generally works, we don't really need a new
> function and we can just go with the first option of making
> kmem_cache_destroy() asynchronously wait. It'll wait, as you described,
> but then we adjust the tail of every kfree_rcu batch freeing cycle to
> check if there are _still_ any old outstanding kmem_cache_destroy()
> requests. If so, then we can splat and keep the old debugging info we
> currently have for finding memleaks.

The mechanism can always be sabotaged by memory-leak bugs on the part
of the user of the kmem_cache structure in play, right?

OK, but I see your point. I added this to the existing
"kmem_cache_destroy() Lingers for kfree_rcu()" section:

	One way of preserving this debugging information is to splat if
	all of the slab's memory has not been freed within a reasonable
	timeframe, perhaps the same 21 seconds that causes an RCU CPU
	stall warning.

Does that capture it?

							Thanx, Paul

[1] https://docs.google.com/document/d/1v0rcZLvvjVGejT3523W0rDy_sLFu2LWc_NR3fQItZaA/edit?usp=sharing

From paulmck at kernel.org Thu Jun 13 12:47:08 2024
From: paulmck at kernel.org (Paul E. McKenney)
Date: Thu, 13 Jun 2024 05:47:08 -0700
Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback
In-Reply-To:
References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org>
Message-ID: <80e03b02-7e24-4342-af0b-ba5117b19828@paulmck-laptop>

On Thu, Jun 13, 2024 at 01:58:59PM +0200, Jason A. Donenfeld wrote:
> On Wed, Jun 12, 2024 at 03:37:55PM -0700, Paul E. McKenney wrote:
> > On Wed, Jun 12, 2024 at 02:33:05PM -0700, Jakub Kicinski wrote:
> > > On Sun, 9 Jun 2024 10:27:12 +0200 Julia Lawall wrote:
> > > > Since SLOB was removed, it is not necessary to use call_rcu
> > > > when the callback only performs kmem_cache_free. Use
> > > > kfree_rcu() directly.
> > > >
> > > > The changes were done using the following Coccinelle semantic patch.
> > > > This semantic patch is designed to ignore cases where the callback
> > > > function is used in another way.
> > >
> > > How does the discussion on:
> > > [PATCH] Revert "batman-adv: prefer kfree_rcu() over call_rcu() with free-only callbacks"
> > > https://lore.kernel.org/all/20240612133357.2596-1-linus.luessing at c0d3.blue/
> > > reflect on this series? IIUC we should hold off..
> >
> > We do need to hold off for the ones in kernel modules (such as 07/14)
> > where the kmem_cache is destroyed during module unload.
> >
> > OK, I might as well go through them...
> >
> > [PATCH 01/14] wireguard: allowedips: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
> > 	Needs to wait, see wg_allowedips_slab_uninit().
>
> Also, notably, this patch needs additionally:
>
> diff --git a/drivers/net/wireguard/allowedips.c b/drivers/net/wireguard/allowedips.c
> index e4e1638fce1b..c95f6937c3f1 100644
> --- a/drivers/net/wireguard/allowedips.c
> +++ b/drivers/net/wireguard/allowedips.c
> @@ -377,7 +377,6 @@ int __init wg_allowedips_slab_init(void)
>
> void wg_allowedips_slab_uninit(void)
> {
> -	rcu_barrier();
> 	kmem_cache_destroy(node_cache);
> }
>
> Once kmem_cache_destroy has been fixed to be deferrable.
>
> I assume the other patches are similar -- an rcu_barrier() can be
> removed. So some manual meddling of these might be in order.

Assuming that the deferrable kmem_cache_destroy() is the option chosen,
agreed.

							Thanx, Paul

From urezki at gmail.com Thu Jun 13 13:06:54 2024
From: urezki at gmail.com (Uladzislau Rezki)
Date: Thu, 13 Jun 2024 15:06:54 +0200
Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback
In-Reply-To: <80e03b02-7e24-4342-af0b-ba5117b19828@paulmck-laptop>
References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org> <80e03b02-7e24-4342-af0b-ba5117b19828@paulmck-laptop>
Message-ID:

On Thu, Jun 13, 2024 at 05:47:08AM -0700, Paul E. McKenney wrote:
> On Thu, Jun 13, 2024 at 01:58:59PM +0200, Jason A. Donenfeld wrote:
> > On Wed, Jun 12, 2024 at 03:37:55PM -0700, Paul E. McKenney wrote:
> > > On Wed, Jun 12, 2024 at 02:33:05PM -0700, Jakub Kicinski wrote:
> > > > On Sun, 9 Jun 2024 10:27:12 +0200 Julia Lawall wrote:
> > > > > Since SLOB was removed, it is not necessary to use call_rcu
> > > > > when the callback only performs kmem_cache_free.
> > Also, notably, this patch needs additionally:
> >
> > diff --git a/drivers/net/wireguard/allowedips.c b/drivers/net/wireguard/allowedips.c
> > index e4e1638fce1b..c95f6937c3f1 100644
> > --- a/drivers/net/wireguard/allowedips.c
> > +++ b/drivers/net/wireguard/allowedips.c
> > @@ -377,7 +377,6 @@ int __init wg_allowedips_slab_init(void)
> >
> > void wg_allowedips_slab_uninit(void)
> > {
> > -	rcu_barrier();
> > 	kmem_cache_destroy(node_cache);
> > }
> >
> > Once kmem_cache_destroy has been fixed to be deferrable.
> >
> > I assume the other patches are similar -- an rcu_barrier() can be
> > removed. So some manual meddling of these might be in order.
>
> Assuming that the deferrable kmem_cache_destroy() is the option chosen,
> agreed.
>
void kmem_cache_destroy(struct kmem_cache *s)
{
	int err = -EBUSY;
	bool rcu_set;

	if (unlikely(!s) || !kasan_check_byte(s))
		return;

	cpus_read_lock();
	mutex_lock(&slab_mutex);

	rcu_set = s->flags & SLAB_TYPESAFE_BY_RCU;

	s->refcount--;
	if (s->refcount)
		goto out_unlock;

	err = shutdown_cache(s);
	WARN(err, "%s %s: Slab cache still has objects when called from %pS",
	     __func__, s->name, (void *)_RET_IP_);
...
	cpus_read_unlock();
	if (!err && !rcu_set)
		kmem_cache_release(s);
}

so we have the SLAB_TYPESAFE_BY_RCU flag that defers freeing slab-pages
and the cache by a grace period. A similar flag can be added, like
SLAB_DESTROY_ONCE_FULLY_FREED; in this case a worker rearms itself if
there are still objects which should be freed.

Any thoughts here?

--
Uladzislau Rezki
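A sketch of what that rearming worker might look like.
SLAB_DESTROY_ONCE_FULLY_FREED and every helper below are hypothetical,
modeled loosely on how SLAB_TYPESAFE_BY_RCU already defers its freeing:

#include <linux/slab.h>
#include <linux/workqueue.h>

/* Hypothetical deferred-destroy state; none of this exists in slab. */
struct deferred_destroy {
	struct kmem_cache *s;
	struct delayed_work dwork;
};

static bool cache_still_has_objects(struct kmem_cache *s);	/* hypothetical */
static void cache_release_now(struct kmem_cache *s);		/* hypothetical */

static void deferred_destroy_workfn(struct work_struct *work)
{
	struct deferred_destroy *dd =
		container_of(to_delayed_work(work), struct deferred_destroy, dwork);

	if (cache_still_has_objects(dd->s)) {
		/* Objects still in flight (e.g. queued in kfree_rcu
		 * batches): rearm and check again later. */
		schedule_delayed_work(&dd->dwork, HZ);
		return;
	}
	/* Fully freed: release slab pages and the cache itself. */
	cache_release_now(dd->s);
	kfree(dd);
}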
3) At the end of this batch freeing, the kernel notices that the kmem_cache whose destruction was previously deferred still has outstanding objects and has not been destroyed. It can conclude that there's thus been a memory leak. In other words, instead of having to do this based on timers, you can just have the batch freeing code ask, "did those pending kmem_cache destructions get completed as a result of this last operation?" From kuba at kernel.org Thu Jun 13 14:17:38 2024 From: kuba at kernel.org (Jakub Kicinski) Date: Thu, 13 Jun 2024 07:17:38 -0700 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: <08ee7eb2-8d08-4f1f-9c46-495a544b8c0e@paulmck-laptop> References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org> <08ee7eb2-8d08-4f1f-9c46-495a544b8c0e@paulmck-laptop> Message-ID: <20240613071738.0655ff4f@kernel.org> On Wed, 12 Jun 2024 20:38:02 -0700 Paul E. McKenney wrote: > o Make rcu_barrier() wait for kfree_rcu() objects. (This is > surprisingly complex and will wait unnecessarily in some cases. > However, it does preserve current code.) Not sure how much mental capacity for API variations we expect from people using caches, but I feel like this would score the highest on Rusty's API scale. I'd even venture an opinion that it's less confusing to require cache users to have their own (trivial) callbacks than add API variants we can't error check even at runtime... From perry at cynic.org Thu Jun 13 14:34:32 2024 From: perry at cynic.org (Perry The Cynic) Date: Thu, 13 Jun 2024 07:34:32 -0700 Subject: Wireguard, iPhone, and cruise ships Message-ID: <60B826FA-3FCA-40B5-9771-8FFEDA6278AB@cynic.org> Dear wg community, I recently enjoyed a cruise to Alaska. Fun and easy, and with Starlink on board, the WiFi connectivity was actually not bad (some sporadic packet drops, mostly). Sadly, the cruise company?s network unceremoniously drops UDP of most kinds, leading to my Wireguard VPN (to my inside network at home) failing entirely. The cruise line is utterly immovable on this: ?it?s someone else?s fault, and how dare you want to do this nonstandard thing?? Yes, I actually talked to their onboard IT guy. ?It?s on the network path somewhere, and they don?t even tell me how and why." Now I totally understand Wireguard?s attitude towards this: It?s not a ?core? wg problem, and should be solved on the outside by whatever tools happen to fit the problem. If this was a linux-to-linux connection, I?d just pop in my favorite TCP-ish tunnel tool and move on. But it?s an iPhone (and iPad). And iOS doesn?t seem to like network composability. At all. Once you move outside the ?it?s a VPN endpoint? paradigm, things get stuck very quickly. I realize this is all Apple?s fault, and they should allow building arbitrary network stacks in iOS. But they don?t (yet). NWConnection is getting pretty good, but it requires in-app code composition. AFAIK, you can?t stack two iOS VPNs on top of each other (right?). So what are the practically available options here? I can set up whatever is needed on the server endpoint (it?s Debian), but what can I do on my phone to make wg work through an HTTP(s)-shaped pinhole? I?d hate to have to ditch wg for some other vpn just for that rare case? but what?s the answer? And, to prefetch a possible ending of this discussion: if I coded up patches to the iOS client that add some tcp-wrapper option, would you take it? Cheers ? 
From perry at cynic.org Thu Jun 13 14:34:32 2024 From: perry at cynic.org (Perry The Cynic) Date: Thu, 13 Jun 2024 07:34:32 -0700 Subject: Wireguard, iPhone, and cruise ships Message-ID: <60B826FA-3FCA-40B5-9771-8FFEDA6278AB@cynic.org> Dear wg community, I recently enjoyed a cruise to Alaska. Fun and easy, and with Starlink on board, the WiFi connectivity was actually not bad (some sporadic packet drops, mostly). Sadly, the cruise company's network unceremoniously drops UDP of most kinds, leading to my Wireguard VPN (to my inside network at home) failing entirely. The cruise line is utterly immovable on this: "it's someone else's fault, and how dare you want to do this nonstandard thing?" Yes, I actually talked to their onboard IT guy. "It's on the network path somewhere, and they don't even tell me how and why." Now I totally understand Wireguard's attitude towards this: It's not a "core" wg problem, and should be solved on the outside by whatever tools happen to fit the problem. If this was a linux-to-linux connection, I'd just pop in my favorite TCP-ish tunnel tool and move on. But it's an iPhone (and iPad). And iOS doesn't seem to like network composability. At all. Once you move outside the "it's a VPN endpoint" paradigm, things get stuck very quickly. I realize this is all Apple's fault, and they should allow building arbitrary network stacks in iOS. But they don't (yet). NWConnection is getting pretty good, but it requires in-app code composition. AFAIK, you can't stack two iOS VPNs on top of each other (right?). So what are the practically available options here? I can set up whatever is needed on the server endpoint (it's Debian), but what can I do on my phone to make wg work through an HTTP(s)-shaped pinhole? I'd hate to have to ditch wg for some other vpn just for that rare case... but what's the answer? And, to prefetch a possible ending of this discussion: if I coded up patches to the iOS client that add some tcp-wrapper option, would you take it? Cheers - perry --------------------------------------------------------------------------- Perry The Cynic perry at cynic.org To a blind optimist, an optimistic realist must seem like an Accursed Cynic. --------------------------------------------------------------------------- From perry at cynic.org Thu Jun 13 14:42:41 2024 From: perry at cynic.org (Perry The Cynic) Date: Thu, 13 Jun 2024 07:42:41 -0700 Subject: Wireguard, iPhone, and cruise ships In-Reply-To: References: <60B826FA-3FCA-40B5-9771-8FFEDA6278AB@cynic.org> Message-ID: <2A8A3A9D-82CD-451B-B693-3FD01CF5861C@cynic.org> I'm basically coming to the conclusion that it's not a wg core issue, but it IS an iOS app issue. If iOS won't support a composition that works, then the app needs to. Somehow. Cheers - perry > On Jun 13, 2024, at 7:40 AM, Amir Omidi wrote: > > I think there is "technically" a way to put a VPN on a VPN and that is doing one of those VPNs as a configuration profile. I'm not 100% sure about this though. > > I've run into very similar issues to this at various hotels. I've also always wished there was something to do HTTP tunneling on Wireguard officially to help with these awful network setups. But I also understand that's not a core WG issue. > > > On Thu, Jun 13, 2024 at 2:35 PM Perry The Cynic wrote: > Dear wg community, > > I recently enjoyed a cruise to Alaska. Fun and easy, and with Starlink on board, the WiFi connectivity was actually not bad (some sporadic packet drops, mostly). Sadly, the cruise company's network unceremoniously drops UDP of most kinds, leading to my Wireguard VPN (to my inside network at home) failing entirely. The cruise line is utterly immovable on this: "it's someone else's fault, and how dare you want to do this nonstandard thing?" Yes, I actually talked to their onboard IT guy. "It's on the network path somewhere, and they don't even tell me how and why." > > Now I totally understand Wireguard's attitude towards this: It's not a "core" wg problem, and should be solved on the outside by whatever tools happen to fit the problem. If this was a linux-to-linux connection, I'd just pop in my favorite TCP-ish tunnel tool and move on. But it's an iPhone (and iPad). And iOS doesn't seem to like network composability. At all. Once you move outside the "it's a VPN endpoint" paradigm, things get stuck very quickly. I realize this is all Apple's fault, and they should allow building arbitrary network stacks in iOS. But they don't (yet). NWConnection is getting pretty good, but it requires in-app code composition. AFAIK, you can't stack two iOS VPNs on top of each other (right?). > > So what are the practically available options here? I can set up whatever is needed on the server endpoint (it's Debian), but what can I do on my phone to make wg work through an HTTP(s)-shaped pinhole? I'd hate to have to ditch wg for some other vpn just for that rare case... but what's the answer? > > And, to prefetch a possible ending of this discussion: if I coded up patches to the iOS client that add some tcp-wrapper option, would you take it? > > Cheers > - perry > --------------------------------------------------------------------------- > Perry The Cynic perry at cynic.org > To a blind optimist, an optimistic realist must seem like an Accursed Cynic. > --------------------------------------------------------------------------- >
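Whatever tool ends up doing the wrapping, the core of any "tcp-wrapper option" is the same: each WireGuard datagram is length-prefixed onto a byte stream and carved back out on the far side. A minimal sketch of that framing (illustrative only; a real tool also needs socket setup, reconnect logic, and on iOS a packet tunnel provider to host it):

#include <stdint.h>
#include <unistd.h>
#include <arpa/inet.h>

/* Send one datagram as [2-byte big-endian length][payload]. */
static int send_framed(int stream_fd, const uint8_t *pkt, uint16_t len)
{
        uint16_t be_len = htons(len);

        if (write(stream_fd, &be_len, sizeof(be_len)) != (ssize_t)sizeof(be_len))
                return -1;
        return write(stream_fd, pkt, len) == (ssize_t)len ? 0 : -1;
}

/* TCP is a stream, so one read may return a partial frame; loop. */
static int read_exact(int stream_fd, uint8_t *buf, size_t n)
{
        size_t done = 0;

        while (done < n) {
                ssize_t r = read(stream_fd, buf + done, n - done);
                if (r <= 0)
                        return -1;
                done += (size_t)r;
        }
        return 0;
}

/* Recover one datagram; returns its length, or -1 on error. */
static int recv_framed(int stream_fd, uint8_t *buf, size_t cap)
{
        uint16_t be_len, len;

        if (read_exact(stream_fd, (uint8_t *)&be_len, sizeof(be_len)))
                return -1;
        len = ntohs(be_len);
        if (len > cap)
                return -1;
        return read_exact(stream_fd, buf, len) ? -1 : (int)len;
}

On the Debian endpoint this shuttles frames between the TCP (or TLS, to look HTTPS-shaped) connection and a local UDP socket aimed at the WireGuard port; as the thread notes, the hard part is hosting the client half inside the iOS tunnel provider.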
From a at unstable.cc Thu Jun 13 14:45:40 2024 From: a at unstable.cc (Antonio Quartulli) Date: Thu, 13 Jun 2024 16:45:40 +0200 Subject: Wireguard, iPhone, and cruise ships In-Reply-To: <60B826FA-3FCA-40B5-9771-8FFEDA6278AB@cynic.org> References: <60B826FA-3FCA-40B5-9771-8FFEDA6278AB@cynic.org> Message-ID: Hi, On 13/06/2024 16:34, Perry The Cynic wrote: > So what are the practically available options here? I can set up whatever is needed on the server endpoint (it's Debian), but what can I do on my phone to make wg work through an HTTP(s)-shaped pinhole? I'd hate to have to ditch wg for some other vpn just for that rare case... but what's the answer? How about simply getting a small travel router that you can install between your devices and the uplink connection (be it wifi or ethernet)? The travel router could be running OpenWRT and thus allow you to play any wanted trick. Cheers, -- Antonio Quartulli From perry at cynic.org Thu Jun 13 14:52:19 2024 From: perry at cynic.org (Perry The Cynic) Date: Thu, 13 Jun 2024 07:52:19 -0700 Subject: Wireguard, iPhone, and cruise ships In-Reply-To: References: <60B826FA-3FCA-40B5-9771-8FFEDA6278AB@cynic.org> Message-ID: That works when I'm in my room/cabin/place. I'm actually building a Raspberry Pi-based travel box right now (so next time I have linux tools to diagnose problems), and it can do tcp wrapping/forwarding. But carrying a battery-powered router-sized thing around on vacation somewhat defeats the point of carrying an iPhone on travel. Another box to break, another battery to run out. And my wife wants vpn access too, even if she's away from me. Cheers - perry > On Jun 13, 2024, at 7:45 AM, Antonio Quartulli wrote: > > Hi, > > On 13/06/2024 16:34, Perry The Cynic wrote: >> So what are the practically available options here? I can set up whatever is needed on the server endpoint (it's Debian), but what can I do on my phone to make wg work through an HTTP(s)-shaped pinhole? I'd hate to have to ditch wg for some other vpn just for that rare case... but what's the answer? > > How about simply getting a small travel router that you can install between your devices and the uplink connection (be it wifi or ethernet)? > > The travel router could be running OpenWRT and thus allow you to play any wanted trick. > > Cheers, > > -- > Antonio Quartulli From paulmck at kernel.org Thu Jun 13 14:53:24 2024 From: paulmck at kernel.org (Paul E. McKenney) Date: Thu, 13 Jun 2024 07:53:24 -0700 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: <20240613071738.0655ff4f@kernel.org> References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org> <08ee7eb2-8d08-4f1f-9c46-495a544b8c0e@paulmck-laptop> <20240613071738.0655ff4f@kernel.org> Message-ID: <62757652-8874-45d7-afec-734edeb03831@paulmck-laptop> On Thu, Jun 13, 2024 at 07:17:38AM -0700, Jakub Kicinski wrote: > On Wed, 12 Jun 2024 20:38:02 -0700 Paul E. McKenney wrote: > > o Make rcu_barrier() wait for kfree_rcu() objects. (This is > > surprisingly complex and will wait unnecessarily in some cases. > > However, it does preserve current code.) > > Not sure how much mental capacity for API variations we expect from > people using caches, but I feel like this would score the highest > on Rusty's API scale.
I'd even venture an opinion that it's less > confusing to require cache users to have their own (trivial) callbacks > than add API variants we can't error check even at runtime... Fair point, though please see Jason's emails. And the underlying within-RCU mechanism is the same either way, so that API decision can be deferred for some time. But the within-slab mechanism does have the advantage of also possibly simplifying reference-counting and the potential upcoming hazard pointers. On the other hand, I currently have no idea what level of violence this change would make to the slab subsystem. Thanx, Paul From paulmck at kernel.org Thu Jun 13 15:06:30 2024 From: paulmck at kernel.org (Paul E. McKenney) Date: Thu, 13 Jun 2024 08:06:30 -0700 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org> <80e03b02-7e24-4342-af0b-ba5117b19828@paulmck-laptop> Message-ID: <7efde25f-6af5-4a67-abea-b26732a8aca1@paulmck-laptop> On Thu, Jun 13, 2024 at 03:06:54PM +0200, Uladzislau Rezki wrote: > On Thu, Jun 13, 2024 at 05:47:08AM -0700, Paul E. McKenney wrote: > > On Thu, Jun 13, 2024 at 01:58:59PM +0200, Jason A. Donenfeld wrote: > > > On Wed, Jun 12, 2024 at 03:37:55PM -0700, Paul E. McKenney wrote: > > > > On Wed, Jun 12, 2024 at 02:33:05PM -0700, Jakub Kicinski wrote: > > > > > On Sun, 9 Jun 2024 10:27:12 +0200 Julia Lawall wrote: > > > > > > Since SLOB was removed, it is not necessary to use call_rcu > > > > > > when the callback only performs kmem_cache_free. Use > > > > > > kfree_rcu() directly. > > > > > > > > > > > > The changes were done using the following Coccinelle semantic patch. > > > > > > This semantic patch is designed to ignore cases where the callback > > > > > > function is used in another way. > > > > > > > > > > How does the discussion on: > > > > > [PATCH] Revert "batman-adv: prefer kfree_rcu() over call_rcu() with free-only callbacks" > > > > > https://lore.kernel.org/all/20240612133357.2596-1-linus.luessing at c0d3.blue/ > > > > > reflect on this series? IIUC we should hold off.. > > > > > > > > We do need to hold off for the ones in kernel modules (such as 07/14) > > > > where the kmem_cache is destroyed during module unload. > > > > > > > > OK, I might as well go through them... > > > > > > > > [PATCH 01/14] wireguard: allowedips: replace call_rcu by kfree_rcu for simple kmem_cache_free callback > > > > Needs to wait, see wg_allowedips_slab_uninit(). > > > > > > Also, notably, this patch needs additionally: > > > > > > diff --git a/drivers/net/wireguard/allowedips.c b/drivers/net/wireguard/allowedips.c > > > index e4e1638fce1b..c95f6937c3f1 100644 > > > --- a/drivers/net/wireguard/allowedips.c > > > +++ b/drivers/net/wireguard/allowedips.c > > > @@ -377,7 +377,6 @@ int __init wg_allowedips_slab_init(void) > > > > > > void wg_allowedips_slab_uninit(void) > > > { > > > - rcu_barrier(); > > > kmem_cache_destroy(node_cache); > > > } > > > > > > Once kmem_cache_destroy has been fixed to be deferrable. > > > > > > I assume the other patches are similar -- an rcu_barrier() can be > > > removed. So some manual meddling of these might be in order. > > > > Assuming that the deferrable kmem_cache_destroy() is the option chosen, > > agreed. 
> > > > void kmem_cache_destroy(struct kmem_cache *s) > { > int err = -EBUSY; > bool rcu_set; > > if (unlikely(!s) || !kasan_check_byte(s)) > return; > > cpus_read_lock(); > mutex_lock(&slab_mutex); > > rcu_set = s->flags & SLAB_TYPESAFE_BY_RCU; > > s->refcount--; > if (s->refcount) > goto out_unlock; > > err = shutdown_cache(s); > WARN(err, "%s %s: Slab cache still has objects when called from %pS", > __func__, s->name, (void *)_RET_IP_); > ... > cpus_read_unlock(); > if (!err && !rcu_set) > kmem_cache_release(s); > } > > > so we have SLAB_TYPESAFE_BY_RCU flag that defers freeing slab-pages > and a cache by a grace period. Similar flag can be added, like > SLAB_DESTROY_ONCE_FULLY_FREED, in this case a worker rearm itself > if there are still objects which should be freed. > > Any thoughts here? Wouldn't we also need some additional code to later check for all objects being freed to the slab, whether or not that code is initiated from kmem_cache_destroy()? Either way, I am adding the SLAB_DESTROY_ONCE_FULLY_FREED possibility, thank you! [1] Thanx, Paul [1] https://docs.google.com/document/d/1v0rcZLvvjVGejT3523W0rDy_sLFu2LWc_NR3fQItZaA/edit?usp=sharing From paulmck at kernel.org Thu Jun 13 15:12:05 2024 From: paulmck at kernel.org (Paul E. McKenney) Date: Thu, 13 Jun 2024 08:12:05 -0700 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org> <08ee7eb2-8d08-4f1f-9c46-495a544b8c0e@paulmck-laptop> Message-ID: <6595ff2a-690e-4d6c-9be5-eb83f2df23fa@paulmck-laptop> On Thu, Jun 13, 2024 at 04:11:52PM +0200, Jason A. Donenfeld wrote: > On Thu, Jun 13, 2024 at 05:46:11AM -0700, Paul E. McKenney wrote: > > How about a kmem_cache_destroy_rcu() that marks that specified cache > > for destruction, and then a kmem_cache_destroy_barrier() that waits? > > > > I took the liberty of adding your name to the Google document [1] and > > adding this section: > > Cool, though no need to make me yellow! No worries, Jakub is also colored yellow. People added tomorrow will be cyan if I follow my usual change-color ordering. ;-) > > > But then, if that mechanism generally works, we don't really need a new > > > function and we can just go with the first option of making > > > kmem_cache_destroy() asynchronously wait. It'll wait, as you described, > > > but then we adjust the tail of every kfree_rcu batch freeing cycle to > > > check if there are _still_ any old outstanding kmem_cache_destroy() > > > requests. If so, then we can splat and keep the old debugging info we > > > currently have for finding memleaks. > > > > The mechanism can always be sabotaged by memory-leak bugs on the part > > of the user of the kmem_cache structure in play, right? > > > > OK, but I see your point. I added this to the existing > > "kmem_cache_destroy() Lingers for kfree_rcu()" section: > > > > One way of preserving this debugging information is to splat if > > all of the slab?s memory has not been freed within a reasonable > > timeframe, perhaps the same 21 seconds that causes an RCU CPU > > stall warning. > > > > Does that capture it? > > Not quite what I was thinking. Your 21 seconds as a time-based thing I > guess could be fine. But I was mostly thinking: > > 1) kmem_cache_destroy() is called, but there are outstanding objects, so > it defers. > > 2) Sometime later, a kfree_rcu_work batch freeing operation runs. 
Or not, if there has been a leak and there happens to be no outstanding kfree_rcu() memory. > 3) At the end of this batch freeing, the kernel notices that the > kmem_cache whose destruction was previously deferred still has > outstanding objects and has not been destroyed. It can conclude that > there's thus been a memory leak. And the batch freeing can be replicated across CPUs, so it would be necessary to determine which was last to do this effectively. Don't get me wrong, this can be done, but the performance/latency tradeoffs can be interesting. > In other words, instead of having to do this based on timers, you can > just have the batch freeing code ask, "did those pending kmem_cache > destructions get completed as a result of this last operation?" I agree that kfree_rcu_work-batch time is a good time to evaluate slab (and I have added this to the document), but I do not believe that it can completely replace timeouts. Thanx, Paul From urezki at gmail.com Thu Jun 13 17:38:59 2024 From: urezki at gmail.com (Uladzislau Rezki) Date: Thu, 13 Jun 2024 19:38:59 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: <7efde25f-6af5-4a67-abea-b26732a8aca1@paulmck-laptop> References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org> <80e03b02-7e24-4342-af0b-ba5117b19828@paulmck-laptop> <7efde25f-6af5-4a67-abea-b26732a8aca1@paulmck-laptop> Message-ID: On Thu, Jun 13, 2024 at 08:06:30AM -0700, Paul E. McKenney wrote: > On Thu, Jun 13, 2024 at 03:06:54PM +0200, Uladzislau Rezki wrote: > > On Thu, Jun 13, 2024 at 05:47:08AM -0700, Paul E. McKenney wrote: > > > On Thu, Jun 13, 2024 at 01:58:59PM +0200, Jason A. Donenfeld wrote: > > > > On Wed, Jun 12, 2024 at 03:37:55PM -0700, Paul E. McKenney wrote: > > > > > On Wed, Jun 12, 2024 at 02:33:05PM -0700, Jakub Kicinski wrote: > > > > > > On Sun, 9 Jun 2024 10:27:12 +0200 Julia Lawall wrote: > > > > > > > Since SLOB was removed, it is not necessary to use call_rcu > > > > > > > when the callback only performs kmem_cache_free. Use > > > > > > > kfree_rcu() directly. > > > > > > > > > > > > > > The changes were done using the following Coccinelle semantic patch. > > > > > > > This semantic patch is designed to ignore cases where the callback > > > > > > > function is used in another way. > > > > > > > > > > > > How does the discussion on: > > > > > > [PATCH] Revert "batman-adv: prefer kfree_rcu() over call_rcu() with free-only callbacks" > > > > > > https://lore.kernel.org/all/20240612133357.2596-1-linus.luessing at c0d3.blue/ > > > > > > reflect on this series? IIUC we should hold off.. > > > > > > > > > > We do need to hold off for the ones in kernel modules (such as 07/14) > > > > > where the kmem_cache is destroyed during module unload. > > > > > > > > > > OK, I might as well go through them... > > > > > > > > > > [PATCH 01/14] wireguard: allowedips: replace call_rcu by kfree_rcu for simple kmem_cache_free callback > > > > > Needs to wait, see wg_allowedips_slab_uninit(). 
> > > > > > > > Also, notably, this patch needs additionally: > > > > > > > > diff --git a/drivers/net/wireguard/allowedips.c b/drivers/net/wireguard/allowedips.c > > > > index e4e1638fce1b..c95f6937c3f1 100644 > > > > --- a/drivers/net/wireguard/allowedips.c > > > > +++ b/drivers/net/wireguard/allowedips.c > > > > @@ -377,7 +377,6 @@ int __init wg_allowedips_slab_init(void) > > > > > > > > void wg_allowedips_slab_uninit(void) > > > > { > > > > - rcu_barrier(); > > > > kmem_cache_destroy(node_cache); > > > > } > > > > > > > > Once kmem_cache_destroy has been fixed to be deferrable. > > > > > > > > I assume the other patches are similar -- an rcu_barrier() can be > > > > removed. So some manual meddling of these might be in order. > > > > > > Assuming that the deferrable kmem_cache_destroy() is the option chosen, > > > agreed. > > > > > > > void kmem_cache_destroy(struct kmem_cache *s) > > { > > int err = -EBUSY; > > bool rcu_set; > > > > if (unlikely(!s) || !kasan_check_byte(s)) > > return; > > > > cpus_read_lock(); > > mutex_lock(&slab_mutex); > > > > rcu_set = s->flags & SLAB_TYPESAFE_BY_RCU; > > > > s->refcount--; > > if (s->refcount) > > goto out_unlock; > > > > err = shutdown_cache(s); > > WARN(err, "%s %s: Slab cache still has objects when called from %pS", > > __func__, s->name, (void *)_RET_IP_); > > ... > > cpus_read_unlock(); > > if (!err && !rcu_set) > > kmem_cache_release(s); > > } > > > > > > so we have SLAB_TYPESAFE_BY_RCU flag that defers freeing slab-pages > > and a cache by a grace period. Similar flag can be added, like > > SLAB_DESTROY_ONCE_FULLY_FREED, in this case a worker rearm itself > > if there are still objects which should be freed. > > > > Any thoughts here? > > Wouldn't we also need some additional code to later check for all objects > being freed to the slab, whether or not that code is initiated from > kmem_cache_destroy()? > Same away as SLAB_TYPESAFE_BY_RCU is handled from the kmem_cache_destroy() function. It checks that flag and if it is true and extra worker is scheduled to perform a deferred(instead of right away) destroy after rcu_barrier() finishes. -- Uladzislau Rezki From paulmck at kernel.org Thu Jun 13 17:45:59 2024 From: paulmck at kernel.org (Paul E. McKenney) Date: Thu, 13 Jun 2024 10:45:59 -0700 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org> <80e03b02-7e24-4342-af0b-ba5117b19828@paulmck-laptop> <7efde25f-6af5-4a67-abea-b26732a8aca1@paulmck-laptop> Message-ID: On Thu, Jun 13, 2024 at 07:38:59PM +0200, Uladzislau Rezki wrote: > On Thu, Jun 13, 2024 at 08:06:30AM -0700, Paul E. McKenney wrote: > > On Thu, Jun 13, 2024 at 03:06:54PM +0200, Uladzislau Rezki wrote: > > > On Thu, Jun 13, 2024 at 05:47:08AM -0700, Paul E. McKenney wrote: > > > > On Thu, Jun 13, 2024 at 01:58:59PM +0200, Jason A. Donenfeld wrote: > > > > > On Wed, Jun 12, 2024 at 03:37:55PM -0700, Paul E. McKenney wrote: > > > > > > On Wed, Jun 12, 2024 at 02:33:05PM -0700, Jakub Kicinski wrote: > > > > > > > On Sun, 9 Jun 2024 10:27:12 +0200 Julia Lawall wrote: > > > > > > > > Since SLOB was removed, it is not necessary to use call_rcu > > > > > > > > when the callback only performs kmem_cache_free. Use > > > > > > > > kfree_rcu() directly. > > > > > > > > > > > > > > > > The changes were done using the following Coccinelle semantic patch. 
> > > > > > > > This semantic patch is designed to ignore cases where the callback > > > > > > > > function is used in another way. > > > > > > > > > > > > > > How does the discussion on: > > > > > > > [PATCH] Revert "batman-adv: prefer kfree_rcu() over call_rcu() with free-only callbacks" > > > > > > > https://lore.kernel.org/all/20240612133357.2596-1-linus.luessing at c0d3.blue/ > > > > > > > reflect on this series? IIUC we should hold off.. > > > > > > > > > > > > We do need to hold off for the ones in kernel modules (such as 07/14) > > > > > > where the kmem_cache is destroyed during module unload. > > > > > > > > > > > > OK, I might as well go through them... > > > > > > > > > > > > [PATCH 01/14] wireguard: allowedips: replace call_rcu by kfree_rcu for simple kmem_cache_free callback > > > > > > Needs to wait, see wg_allowedips_slab_uninit(). > > > > > > > > > > Also, notably, this patch needs additionally: > > > > > > > > > > diff --git a/drivers/net/wireguard/allowedips.c b/drivers/net/wireguard/allowedips.c > > > > > index e4e1638fce1b..c95f6937c3f1 100644 > > > > > --- a/drivers/net/wireguard/allowedips.c > > > > > +++ b/drivers/net/wireguard/allowedips.c > > > > > @@ -377,7 +377,6 @@ int __init wg_allowedips_slab_init(void) > > > > > > > > > > void wg_allowedips_slab_uninit(void) > > > > > { > > > > > - rcu_barrier(); > > > > > kmem_cache_destroy(node_cache); > > > > > } > > > > > > > > > > Once kmem_cache_destroy has been fixed to be deferrable. > > > > > > > > > > I assume the other patches are similar -- an rcu_barrier() can be > > > > > removed. So some manual meddling of these might be in order. > > > > > > > > Assuming that the deferrable kmem_cache_destroy() is the option chosen, > > > > agreed. > > > > > > > > > > void kmem_cache_destroy(struct kmem_cache *s) > > > { > > > int err = -EBUSY; > > > bool rcu_set; > > > > > > if (unlikely(!s) || !kasan_check_byte(s)) > > > return; > > > > > > cpus_read_lock(); > > > mutex_lock(&slab_mutex); > > > > > > rcu_set = s->flags & SLAB_TYPESAFE_BY_RCU; > > > > > > s->refcount--; > > > if (s->refcount) > > > goto out_unlock; > > > > > > err = shutdown_cache(s); > > > WARN(err, "%s %s: Slab cache still has objects when called from %pS", > > > __func__, s->name, (void *)_RET_IP_); > > > ... > > > cpus_read_unlock(); > > > if (!err && !rcu_set) > > > kmem_cache_release(s); > > > } > > > > > > > > > so we have SLAB_TYPESAFE_BY_RCU flag that defers freeing slab-pages > > > and a cache by a grace period. Similar flag can be added, like > > > SLAB_DESTROY_ONCE_FULLY_FREED, in this case a worker rearm itself > > > if there are still objects which should be freed. > > > > > > Any thoughts here? > > > > Wouldn't we also need some additional code to later check for all objects > > being freed to the slab, whether or not that code is initiated from > > kmem_cache_destroy()? > > > Same away as SLAB_TYPESAFE_BY_RCU is handled from the kmem_cache_destroy() function. > It checks that flag and if it is true and extra worker is scheduled to perform a > deferred(instead of right away) destroy after rcu_barrier() finishes. Like this? SLAB_DESTROY_ONCE_FULLY_FREED Instead of adding a new kmem_cache_destroy_rcu() or kmem_cache_destroy_wait() API member, instead add a SLAB_DESTROY_ONCE_FULLY_FREED flag that can be passed to the existing kmem_cache_destroy() function.? 
Use of this flag would suppress any warnings that would otherwise be issued if there was still slab memory yet to be freed, and it would also spawn workqueues (or timers or whatever) to do any needed cleanup work. Thanx, Paul From urezki at gmail.com Thu Jun 13 17:58:17 2024 From: urezki at gmail.com (Uladzislau Rezki) Date: Thu, 13 Jun 2024 19:58:17 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org> <80e03b02-7e24-4342-af0b-ba5117b19828@paulmck-laptop> <7efde25f-6af5-4a67-abea-b26732a8aca1@paulmck-laptop> Message-ID: On Thu, Jun 13, 2024 at 10:45:59AM -0700, Paul E. McKenney wrote: > On Thu, Jun 13, 2024 at 07:38:59PM +0200, Uladzislau Rezki wrote: > > On Thu, Jun 13, 2024 at 08:06:30AM -0700, Paul E. McKenney wrote: > > > On Thu, Jun 13, 2024 at 03:06:54PM +0200, Uladzislau Rezki wrote: > > > > On Thu, Jun 13, 2024 at 05:47:08AM -0700, Paul E. McKenney wrote: > > > > > On Thu, Jun 13, 2024 at 01:58:59PM +0200, Jason A. Donenfeld wrote: > > > > > > On Wed, Jun 12, 2024 at 03:37:55PM -0700, Paul E. McKenney wrote: > > > > > > > On Wed, Jun 12, 2024 at 02:33:05PM -0700, Jakub Kicinski wrote: > > > > > > > > On Sun, 9 Jun 2024 10:27:12 +0200 Julia Lawall wrote: > > > > > > > > > Since SLOB was removed, it is not necessary to use call_rcu > > > > > > > > > when the callback only performs kmem_cache_free. Use > > > > > > > > > kfree_rcu() directly. > > > > > > > > > > > > > > > > > > The changes were done using the following Coccinelle semantic patch. > > > > > > > > > This semantic patch is designed to ignore cases where the callback > > > > > > > > > function is used in another way. > > > > > > > > > > > > > > > > How does the discussion on: > > > > > > > > [PATCH] Revert "batman-adv: prefer kfree_rcu() over call_rcu() with free-only callbacks" > > > > > > > > https://lore.kernel.org/all/20240612133357.2596-1-linus.luessing at c0d3.blue/ > > > > > > > > reflect on this series? IIUC we should hold off.. > > > > > > > > > > > > > > We do need to hold off for the ones in kernel modules (such as 07/14) > > > > > > > where the kmem_cache is destroyed during module unload. > > > > > > > > > > > > > > OK, I might as well go through them... > > > > > > > > > > > > > > [PATCH 01/14] wireguard: allowedips: replace call_rcu by kfree_rcu for simple kmem_cache_free callback > > > > > > > Needs to wait, see wg_allowedips_slab_uninit(). > > > > > > > > > > > > Also, notably, this patch needs additionally: > > > > > > > > > > > > diff --git a/drivers/net/wireguard/allowedips.c b/drivers/net/wireguard/allowedips.c > > > > > > index e4e1638fce1b..c95f6937c3f1 100644 > > > > > > --- a/drivers/net/wireguard/allowedips.c > > > > > > +++ b/drivers/net/wireguard/allowedips.c > > > > > > @@ -377,7 +377,6 @@ int __init wg_allowedips_slab_init(void) > > > > > > > > > > > > void wg_allowedips_slab_uninit(void) > > > > > > { > > > > > > - rcu_barrier(); > > > > > > kmem_cache_destroy(node_cache); > > > > > > } > > > > > > > > > > > > Once kmem_cache_destroy has been fixed to be deferrable. > > > > > > > > > > > > I assume the other patches are similar -- an rcu_barrier() can be > > > > > > removed. So some manual meddling of these might be in order. > > > > > > > > > > Assuming that the deferrable kmem_cache_destroy() is the option chosen, > > > > > agreed. 
> > > > > > > > > > > > > void kmem_cache_destroy(struct kmem_cache *s) > > > > { > > > > int err = -EBUSY; > > > > bool rcu_set; > > > > > > > > if (unlikely(!s) || !kasan_check_byte(s)) > > > > return; > > > > > > > > cpus_read_lock(); > > > > mutex_lock(&slab_mutex); > > > > > > > > rcu_set = s->flags & SLAB_TYPESAFE_BY_RCU; > > > > > > > > s->refcount--; > > > > if (s->refcount) > > > > goto out_unlock; > > > > > > > > err = shutdown_cache(s); > > > > WARN(err, "%s %s: Slab cache still has objects when called from %pS", > > > > __func__, s->name, (void *)_RET_IP_); > > > > ... > > > > cpus_read_unlock(); > > > > if (!err && !rcu_set) > > > > kmem_cache_release(s); > > > > } > > > > > > > > > > > > so we have SLAB_TYPESAFE_BY_RCU flag that defers freeing slab-pages > > > > and a cache by a grace period. Similar flag can be added, like > > > > SLAB_DESTROY_ONCE_FULLY_FREED, in this case a worker rearm itself > > > > if there are still objects which should be freed. > > > > > > > > Any thoughts here? > > > > > > Wouldn't we also need some additional code to later check for all objects > > > being freed to the slab, whether or not that code is initiated from > > > kmem_cache_destroy()? > > > > > Same away as SLAB_TYPESAFE_BY_RCU is handled from the kmem_cache_destroy() function. > > It checks that flag and if it is true and extra worker is scheduled to perform a > > deferred(instead of right away) destroy after rcu_barrier() finishes. > > Like this? > > SLAB_DESTROY_ONCE_FULLY_FREED > > Instead of adding a new kmem_cache_destroy_rcu() > or kmem_cache_destroy_wait() API member, instead add a > SLAB_DESTROY_ONCE_FULLY_FREED flag that can be passed to the > existing kmem_cache_destroy() function.? Use of this flag would > suppress any warnings that would otherwise be issued if there > was still slab memory yet to be freed, and it would also spawn > workqueues (or timers or whatever) to do any needed cleanup work. > > The flag is passed as all others during creating a cache: slab = kmem_cache_create(name, size, ..., SLAB_DESTROY_ONCE_FULLY_FREED | OTHER_FLAGS, NULL); the rest description is correct to me. -- Uladzislau Rezki From paulmck at kernel.org Thu Jun 13 18:13:52 2024 From: paulmck at kernel.org (Paul E. McKenney) Date: Thu, 13 Jun 2024 11:13:52 -0700 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org> <80e03b02-7e24-4342-af0b-ba5117b19828@paulmck-laptop> <7efde25f-6af5-4a67-abea-b26732a8aca1@paulmck-laptop> Message-ID: On Thu, Jun 13, 2024 at 07:58:17PM +0200, Uladzislau Rezki wrote: > On Thu, Jun 13, 2024 at 10:45:59AM -0700, Paul E. McKenney wrote: > > On Thu, Jun 13, 2024 at 07:38:59PM +0200, Uladzislau Rezki wrote: > > > On Thu, Jun 13, 2024 at 08:06:30AM -0700, Paul E. McKenney wrote: > > > > On Thu, Jun 13, 2024 at 03:06:54PM +0200, Uladzislau Rezki wrote: > > > > > On Thu, Jun 13, 2024 at 05:47:08AM -0700, Paul E. McKenney wrote: > > > > > > On Thu, Jun 13, 2024 at 01:58:59PM +0200, Jason A. Donenfeld wrote: > > > > > > > On Wed, Jun 12, 2024 at 03:37:55PM -0700, Paul E. McKenney wrote: > > > > > > > > On Wed, Jun 12, 2024 at 02:33:05PM -0700, Jakub Kicinski wrote: > > > > > > > > > On Sun, 9 Jun 2024 10:27:12 +0200 Julia Lawall wrote: > > > > > > > > > > Since SLOB was removed, it is not necessary to use call_rcu > > > > > > > > > > when the callback only performs kmem_cache_free. Use > > > > > > > > > > kfree_rcu() directly. 
> > > > > > > > > > > > > > > > > > > > The changes were done using the following Coccinelle semantic patch. > > > > > > > > > > This semantic patch is designed to ignore cases where the callback > > > > > > > > > > function is used in another way. > > > > > > > > > > > > > > > > > > How does the discussion on: > > > > > > > > > [PATCH] Revert "batman-adv: prefer kfree_rcu() over call_rcu() with free-only callbacks" > > > > > > > > > https://lore.kernel.org/all/20240612133357.2596-1-linus.luessing at c0d3.blue/ > > > > > > > > > reflect on this series? IIUC we should hold off.. > > > > > > > > > > > > > > > > We do need to hold off for the ones in kernel modules (such as 07/14) > > > > > > > > where the kmem_cache is destroyed during module unload. > > > > > > > > > > > > > > > > OK, I might as well go through them... > > > > > > > > > > > > > > > > [PATCH 01/14] wireguard: allowedips: replace call_rcu by kfree_rcu for simple kmem_cache_free callback > > > > > > > > Needs to wait, see wg_allowedips_slab_uninit(). > > > > > > > > > > > > > > Also, notably, this patch needs additionally: > > > > > > > > > > > > > > diff --git a/drivers/net/wireguard/allowedips.c b/drivers/net/wireguard/allowedips.c > > > > > > > index e4e1638fce1b..c95f6937c3f1 100644 > > > > > > > --- a/drivers/net/wireguard/allowedips.c > > > > > > > +++ b/drivers/net/wireguard/allowedips.c > > > > > > > @@ -377,7 +377,6 @@ int __init wg_allowedips_slab_init(void) > > > > > > > > > > > > > > void wg_allowedips_slab_uninit(void) > > > > > > > { > > > > > > > - rcu_barrier(); > > > > > > > kmem_cache_destroy(node_cache); > > > > > > > } > > > > > > > > > > > > > > Once kmem_cache_destroy has been fixed to be deferrable. > > > > > > > > > > > > > > I assume the other patches are similar -- an rcu_barrier() can be > > > > > > > removed. So some manual meddling of these might be in order. > > > > > > > > > > > > Assuming that the deferrable kmem_cache_destroy() is the option chosen, > > > > > > agreed. > > > > > > > > > > > > > > > > void kmem_cache_destroy(struct kmem_cache *s) > > > > > { > > > > > int err = -EBUSY; > > > > > bool rcu_set; > > > > > > > > > > if (unlikely(!s) || !kasan_check_byte(s)) > > > > > return; > > > > > > > > > > cpus_read_lock(); > > > > > mutex_lock(&slab_mutex); > > > > > > > > > > rcu_set = s->flags & SLAB_TYPESAFE_BY_RCU; > > > > > > > > > > s->refcount--; > > > > > if (s->refcount) > > > > > goto out_unlock; > > > > > > > > > > err = shutdown_cache(s); > > > > > WARN(err, "%s %s: Slab cache still has objects when called from %pS", > > > > > __func__, s->name, (void *)_RET_IP_); > > > > > ... > > > > > cpus_read_unlock(); > > > > > if (!err && !rcu_set) > > > > > kmem_cache_release(s); > > > > > } > > > > > > > > > > > > > > > so we have SLAB_TYPESAFE_BY_RCU flag that defers freeing slab-pages > > > > > and a cache by a grace period. Similar flag can be added, like > > > > > SLAB_DESTROY_ONCE_FULLY_FREED, in this case a worker rearm itself > > > > > if there are still objects which should be freed. > > > > > > > > > > Any thoughts here? > > > > > > > > Wouldn't we also need some additional code to later check for all objects > > > > being freed to the slab, whether or not that code is initiated from > > > > kmem_cache_destroy()? > > > > > > > Same away as SLAB_TYPESAFE_BY_RCU is handled from the kmem_cache_destroy() function. > > > It checks that flag and if it is true and extra worker is scheduled to perform a > > > deferred(instead of right away) destroy after rcu_barrier() finishes. 
> > > > Like this? > > > > SLAB_DESTROY_ONCE_FULLY_FREED > > > > Instead of adding a new kmem_cache_destroy_rcu() > > or kmem_cache_destroy_wait() API member, instead add a > > SLAB_DESTROY_ONCE_FULLY_FREED flag that can be passed to the > > existing kmem_cache_destroy() function.? Use of this flag would > > suppress any warnings that would otherwise be issued if there > > was still slab memory yet to be freed, and it would also spawn > > workqueues (or timers or whatever) to do any needed cleanup work. > > > > > The flag is passed as all others during creating a cache: > > slab = kmem_cache_create(name, size, ..., SLAB_DESTROY_ONCE_FULLY_FREED | OTHER_FLAGS, NULL); > > the rest description is correct to me. Good catch, fixed, thank you! Thanx, Paul From urezki at gmail.com Fri Jun 14 12:35:33 2024 From: urezki at gmail.com (Uladzislau Rezki) Date: Fri, 14 Jun 2024 14:35:33 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <20240612143305.451abf58@kernel.org> <80e03b02-7e24-4342-af0b-ba5117b19828@paulmck-laptop> <7efde25f-6af5-4a67-abea-b26732a8aca1@paulmck-laptop> Message-ID: On Thu, Jun 13, 2024 at 11:13:52AM -0700, Paul E. McKenney wrote: > On Thu, Jun 13, 2024 at 07:58:17PM +0200, Uladzislau Rezki wrote: > > On Thu, Jun 13, 2024 at 10:45:59AM -0700, Paul E. McKenney wrote: > > > On Thu, Jun 13, 2024 at 07:38:59PM +0200, Uladzislau Rezki wrote: > > > > On Thu, Jun 13, 2024 at 08:06:30AM -0700, Paul E. McKenney wrote: > > > > > On Thu, Jun 13, 2024 at 03:06:54PM +0200, Uladzislau Rezki wrote: > > > > > > On Thu, Jun 13, 2024 at 05:47:08AM -0700, Paul E. McKenney wrote: > > > > > > > On Thu, Jun 13, 2024 at 01:58:59PM +0200, Jason A. Donenfeld wrote: > > > > > > > > On Wed, Jun 12, 2024 at 03:37:55PM -0700, Paul E. McKenney wrote: > > > > > > > > > On Wed, Jun 12, 2024 at 02:33:05PM -0700, Jakub Kicinski wrote: > > > > > > > > > > On Sun, 9 Jun 2024 10:27:12 +0200 Julia Lawall wrote: > > > > > > > > > > > Since SLOB was removed, it is not necessary to use call_rcu > > > > > > > > > > > when the callback only performs kmem_cache_free. Use > > > > > > > > > > > kfree_rcu() directly. > > > > > > > > > > > > > > > > > > > > > > The changes were done using the following Coccinelle semantic patch. > > > > > > > > > > > This semantic patch is designed to ignore cases where the callback > > > > > > > > > > > function is used in another way. > > > > > > > > > > > > > > > > > > > > How does the discussion on: > > > > > > > > > > [PATCH] Revert "batman-adv: prefer kfree_rcu() over call_rcu() with free-only callbacks" > > > > > > > > > > https://lore.kernel.org/all/20240612133357.2596-1-linus.luessing at c0d3.blue/ > > > > > > > > > > reflect on this series? IIUC we should hold off.. > > > > > > > > > > > > > > > > > > We do need to hold off for the ones in kernel modules (such as 07/14) > > > > > > > > > where the kmem_cache is destroyed during module unload. > > > > > > > > > > > > > > > > > > OK, I might as well go through them... > > > > > > > > > > > > > > > > > > [PATCH 01/14] wireguard: allowedips: replace call_rcu by kfree_rcu for simple kmem_cache_free callback > > > > > > > > > Needs to wait, see wg_allowedips_slab_uninit(). 
> > > > > > > > > > > > > > > > Also, notably, this patch needs additionally: > > > > > > > > > > > > > > > > diff --git a/drivers/net/wireguard/allowedips.c b/drivers/net/wireguard/allowedips.c > > > > > > > > index e4e1638fce1b..c95f6937c3f1 100644 > > > > > > > > --- a/drivers/net/wireguard/allowedips.c > > > > > > > > +++ b/drivers/net/wireguard/allowedips.c > > > > > > > > @@ -377,7 +377,6 @@ int __init wg_allowedips_slab_init(void) > > > > > > > > > > > > > > > > void wg_allowedips_slab_uninit(void) > > > > > > > > { > > > > > > > > - rcu_barrier(); > > > > > > > > kmem_cache_destroy(node_cache); > > > > > > > > } > > > > > > > > > > > > > > > > Once kmem_cache_destroy has been fixed to be deferrable. > > > > > > > > > > > > > > > > I assume the other patches are similar -- an rcu_barrier() can be > > > > > > > > removed. So some manual meddling of these might be in order. > > > > > > > > > > > > > > Assuming that the deferrable kmem_cache_destroy() is the option chosen, > > > > > > > agreed. > > > > > > > > > > > > > > > > > > > void kmem_cache_destroy(struct kmem_cache *s) > > > > > > { > > > > > > int err = -EBUSY; > > > > > > bool rcu_set; > > > > > > > > > > > > if (unlikely(!s) || !kasan_check_byte(s)) > > > > > > return; > > > > > > > > > > > > cpus_read_lock(); > > > > > > mutex_lock(&slab_mutex); > > > > > > > > > > > > rcu_set = s->flags & SLAB_TYPESAFE_BY_RCU; > > > > > > > > > > > > s->refcount--; > > > > > > if (s->refcount) > > > > > > goto out_unlock; > > > > > > > > > > > > err = shutdown_cache(s); > > > > > > WARN(err, "%s %s: Slab cache still has objects when called from %pS", > > > > > > __func__, s->name, (void *)_RET_IP_); > > > > > > ... > > > > > > cpus_read_unlock(); > > > > > > if (!err && !rcu_set) > > > > > > kmem_cache_release(s); > > > > > > } > > > > > > > > > > > > > > > > > > so we have SLAB_TYPESAFE_BY_RCU flag that defers freeing slab-pages > > > > > > and a cache by a grace period. Similar flag can be added, like > > > > > > SLAB_DESTROY_ONCE_FULLY_FREED, in this case a worker rearm itself > > > > > > if there are still objects which should be freed. > > > > > > > > > > > > Any thoughts here? > > > > > > > > > > Wouldn't we also need some additional code to later check for all objects > > > > > being freed to the slab, whether or not that code is initiated from > > > > > kmem_cache_destroy()? > > > > > > > > > Same away as SLAB_TYPESAFE_BY_RCU is handled from the kmem_cache_destroy() function. > > > > It checks that flag and if it is true and extra worker is scheduled to perform a > > > > deferred(instead of right away) destroy after rcu_barrier() finishes. > > > > > > Like this? > > > > > > SLAB_DESTROY_ONCE_FULLY_FREED > > > > > > Instead of adding a new kmem_cache_destroy_rcu() > > > or kmem_cache_destroy_wait() API member, instead add a > > > SLAB_DESTROY_ONCE_FULLY_FREED flag that can be passed to the > > > existing kmem_cache_destroy() function.? Use of this flag would > > > suppress any warnings that would otherwise be issued if there > > > was still slab memory yet to be freed, and it would also spawn > > > workqueues (or timers or whatever) to do any needed cleanup work. > > > > > > > > The flag is passed as all others during creating a cache: > > > > slab = kmem_cache_create(name, size, ..., SLAB_DESTROY_ONCE_FULLY_FREED | OTHER_FLAGS, NULL); > > > > the rest description is correct to me. > > Good catch, fixed, thank you! 
> And here we go with prototype(untested): diff --git a/include/linux/slab.h b/include/linux/slab.h index 7247e217e21b..700b8a909f8a 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -59,6 +59,7 @@ enum _slab_flag_bits { #ifdef CONFIG_SLAB_OBJ_EXT _SLAB_NO_OBJ_EXT, #endif + _SLAB_DEFER_DESTROY, _SLAB_FLAGS_LAST_BIT }; @@ -139,6 +140,7 @@ enum _slab_flag_bits { */ /* Defer freeing slabs to RCU */ #define SLAB_TYPESAFE_BY_RCU __SLAB_FLAG_BIT(_SLAB_TYPESAFE_BY_RCU) +#define SLAB_DEFER_DESTROY __SLAB_FLAG_BIT(_SLAB_DEFER_DESTROY) /* Trace allocations and frees */ #define SLAB_TRACE __SLAB_FLAG_BIT(_SLAB_TRACE) diff --git a/mm/slab_common.c b/mm/slab_common.c index 1560a1546bb1..99458a0197b5 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -45,6 +45,11 @@ static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work); static DECLARE_WORK(slab_caches_to_rcu_destroy_work, slab_caches_to_rcu_destroy_workfn); +static LIST_HEAD(slab_caches_defer_destroy); +static void slab_caches_defer_destroy_workfn(struct work_struct *work); +static DECLARE_DELAYED_WORK(slab_caches_defer_destroy_work, + slab_caches_defer_destroy_workfn); + /* * Set of flags that will prevent slab merging */ @@ -448,6 +453,31 @@ static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work) } } +static void +slab_caches_defer_destroy_workfn(struct work_struct *work) +{ + struct kmem_cache *s, *s2; + + mutex_lock(&slab_mutex); + list_for_each_entry_safe(s, s2, &slab_caches_defer_destroy, list) { + if (__kmem_cache_empty(s)) { + /* free asan quarantined objects */ + kasan_cache_shutdown(s); + (void) __kmem_cache_shutdown(s); + + list_del(&s->list); + + debugfs_slab_release(s); + kfence_shutdown_cache(s); + kmem_cache_release(s); + } + } + mutex_unlock(&slab_mutex); + + if (!list_empty(&slab_caches_defer_destroy)) + schedule_delayed_work(&slab_caches_defer_destroy_work, HZ); +} + static int shutdown_cache(struct kmem_cache *s) { /* free asan quarantined objects */ @@ -493,6 +523,13 @@ void kmem_cache_destroy(struct kmem_cache *s) if (s->refcount) goto out_unlock; + /* Should a destroy process be deferred? */ + if (s->flags & SLAB_DEFER_DESTROY) { + list_move_tail(&s->list, &slab_caches_defer_destroy); + schedule_delayed_work(&slab_caches_defer_destroy_work, HZ); + goto out_unlock; + } + err = shutdown_cache(s); WARN(err, "%s %s: Slab cache still has objects when called from %pS", __func__, s->name, (void *)_RET_IP_); Thanks! -- Uladzislau Rezki From paulmck at kernel.org Fri Jun 14 14:17:29 2024 From: paulmck at kernel.org (Paul E. McKenney) Date: Fri, 14 Jun 2024 07:17:29 -0700 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <80e03b02-7e24-4342-af0b-ba5117b19828@paulmck-laptop> <7efde25f-6af5-4a67-abea-b26732a8aca1@paulmck-laptop> Message-ID: On Fri, Jun 14, 2024 at 02:35:33PM +0200, Uladzislau Rezki wrote: > On Thu, Jun 13, 2024 at 11:13:52AM -0700, Paul E. McKenney wrote: > > On Thu, Jun 13, 2024 at 07:58:17PM +0200, Uladzislau Rezki wrote: > > > On Thu, Jun 13, 2024 at 10:45:59AM -0700, Paul E. McKenney wrote: > > > > On Thu, Jun 13, 2024 at 07:38:59PM +0200, Uladzislau Rezki wrote: > > > > > On Thu, Jun 13, 2024 at 08:06:30AM -0700, Paul E. McKenney wrote: > > > > > > On Thu, Jun 13, 2024 at 03:06:54PM +0200, Uladzislau Rezki wrote: > > > > > > > On Thu, Jun 13, 2024 at 05:47:08AM -0700, Paul E. McKenney wrote: > > > > > > > > On Thu, Jun 13, 2024 at 01:58:59PM +0200, Jason A. 
Donenfeld wrote: > > > > > > > > > On Wed, Jun 12, 2024 at 03:37:55PM -0700, Paul E. McKenney wrote: > > > > > > > > > > On Wed, Jun 12, 2024 at 02:33:05PM -0700, Jakub Kicinski wrote: > > > > > > > > > > > On Sun, 9 Jun 2024 10:27:12 +0200 Julia Lawall wrote: > > > > > > > > > > > > Since SLOB was removed, it is not necessary to use call_rcu > > > > > > > > > > > > when the callback only performs kmem_cache_free. Use > > > > > > > > > > > > kfree_rcu() directly. > > > > > > > > > > > > > > > > > > > > > > > > The changes were done using the following Coccinelle semantic patch. > > > > > > > > > > > > This semantic patch is designed to ignore cases where the callback > > > > > > > > > > > > function is used in another way. > > > > > > > > > > > > > > > > > > > > > > How does the discussion on: > > > > > > > > > > > [PATCH] Revert "batman-adv: prefer kfree_rcu() over call_rcu() with free-only callbacks" > > > > > > > > > > > https://lore.kernel.org/all/20240612133357.2596-1-linus.luessing at c0d3.blue/ > > > > > > > > > > > reflect on this series? IIUC we should hold off.. > > > > > > > > > > > > > > > > > > > > We do need to hold off for the ones in kernel modules (such as 07/14) > > > > > > > > > > where the kmem_cache is destroyed during module unload. > > > > > > > > > > > > > > > > > > > > OK, I might as well go through them... > > > > > > > > > > > > > > > > > > > > [PATCH 01/14] wireguard: allowedips: replace call_rcu by kfree_rcu for simple kmem_cache_free callback > > > > > > > > > > Needs to wait, see wg_allowedips_slab_uninit(). > > > > > > > > > > > > > > > > > > Also, notably, this patch needs additionally: > > > > > > > > > > > > > > > > > > diff --git a/drivers/net/wireguard/allowedips.c b/drivers/net/wireguard/allowedips.c > > > > > > > > > index e4e1638fce1b..c95f6937c3f1 100644 > > > > > > > > > --- a/drivers/net/wireguard/allowedips.c > > > > > > > > > +++ b/drivers/net/wireguard/allowedips.c > > > > > > > > > @@ -377,7 +377,6 @@ int __init wg_allowedips_slab_init(void) > > > > > > > > > > > > > > > > > > void wg_allowedips_slab_uninit(void) > > > > > > > > > { > > > > > > > > > - rcu_barrier(); > > > > > > > > > kmem_cache_destroy(node_cache); > > > > > > > > > } > > > > > > > > > > > > > > > > > > Once kmem_cache_destroy has been fixed to be deferrable. > > > > > > > > > > > > > > > > > > I assume the other patches are similar -- an rcu_barrier() can be > > > > > > > > > removed. So some manual meddling of these might be in order. > > > > > > > > > > > > > > > > Assuming that the deferrable kmem_cache_destroy() is the option chosen, > > > > > > > > agreed. > > > > > > > > > > > > > > > > > > > > > > void kmem_cache_destroy(struct kmem_cache *s) > > > > > > > { > > > > > > > int err = -EBUSY; > > > > > > > bool rcu_set; > > > > > > > > > > > > > > if (unlikely(!s) || !kasan_check_byte(s)) > > > > > > > return; > > > > > > > > > > > > > > cpus_read_lock(); > > > > > > > mutex_lock(&slab_mutex); > > > > > > > > > > > > > > rcu_set = s->flags & SLAB_TYPESAFE_BY_RCU; > > > > > > > > > > > > > > s->refcount--; > > > > > > > if (s->refcount) > > > > > > > goto out_unlock; > > > > > > > > > > > > > > err = shutdown_cache(s); > > > > > > > WARN(err, "%s %s: Slab cache still has objects when called from %pS", > > > > > > > __func__, s->name, (void *)_RET_IP_); > > > > > > > ... 
> > > > > > > cpus_read_unlock(); > > > > > > > if (!err && !rcu_set) > > > > > > > kmem_cache_release(s); > > > > > > > } > > > > > > > > > > > > > > > > > > > > > so we have SLAB_TYPESAFE_BY_RCU flag that defers freeing slab-pages > > > > > > > and a cache by a grace period. Similar flag can be added, like > > > > > > > SLAB_DESTROY_ONCE_FULLY_FREED, in this case a worker rearm itself > > > > > > > if there are still objects which should be freed. > > > > > > > > > > > > > > Any thoughts here? > > > > > > > > > > > > Wouldn't we also need some additional code to later check for all objects > > > > > > being freed to the slab, whether or not that code is initiated from > > > > > > kmem_cache_destroy()? > > > > > > > > > > > Same away as SLAB_TYPESAFE_BY_RCU is handled from the kmem_cache_destroy() function. > > > > > It checks that flag and if it is true and extra worker is scheduled to perform a > > > > > deferred(instead of right away) destroy after rcu_barrier() finishes. > > > > > > > > Like this? > > > > > > > > SLAB_DESTROY_ONCE_FULLY_FREED > > > > > > > > Instead of adding a new kmem_cache_destroy_rcu() > > > > or kmem_cache_destroy_wait() API member, instead add a > > > > SLAB_DESTROY_ONCE_FULLY_FREED flag that can be passed to the > > > > existing kmem_cache_destroy() function.? Use of this flag would > > > > suppress any warnings that would otherwise be issued if there > > > > was still slab memory yet to be freed, and it would also spawn > > > > workqueues (or timers or whatever) to do any needed cleanup work. > > > > > > > > > > > The flag is passed as all others during creating a cache: > > > > > > slab = kmem_cache_create(name, size, ..., SLAB_DESTROY_ONCE_FULLY_FREED | OTHER_FLAGS, NULL); > > > > > > the rest description is correct to me. > > > > Good catch, fixed, thank you! > > > And here we go with prototype(untested): Thank you for putting this together! It looks way simpler than I would have guessed, and quite a bit simpler than I would expect it would be to extend rcu_barrier() to cover kfree_rcu(). 
> > diff --git a/include/linux/slab.h b/include/linux/slab.h > index 7247e217e21b..700b8a909f8a 100644 > --- a/include/linux/slab.h > +++ b/include/linux/slab.h > @@ -59,6 +59,7 @@ enum _slab_flag_bits { > #ifdef CONFIG_SLAB_OBJ_EXT > _SLAB_NO_OBJ_EXT, > #endif > + _SLAB_DEFER_DESTROY, > _SLAB_FLAGS_LAST_BIT > }; > > @@ -139,6 +140,7 @@ enum _slab_flag_bits { > */ > /* Defer freeing slabs to RCU */ > #define SLAB_TYPESAFE_BY_RCU __SLAB_FLAG_BIT(_SLAB_TYPESAFE_BY_RCU) > +#define SLAB_DEFER_DESTROY __SLAB_FLAG_BIT(_SLAB_DEFER_DESTROY) > /* Trace allocations and frees */ > #define SLAB_TRACE __SLAB_FLAG_BIT(_SLAB_TRACE) > > diff --git a/mm/slab_common.c b/mm/slab_common.c > index 1560a1546bb1..99458a0197b5 100644 > --- a/mm/slab_common.c > +++ b/mm/slab_common.c > @@ -45,6 +45,11 @@ static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work); > static DECLARE_WORK(slab_caches_to_rcu_destroy_work, > slab_caches_to_rcu_destroy_workfn); > > +static LIST_HEAD(slab_caches_defer_destroy); > +static void slab_caches_defer_destroy_workfn(struct work_struct *work); > +static DECLARE_DELAYED_WORK(slab_caches_defer_destroy_work, > + slab_caches_defer_destroy_workfn); > + > /* > * Set of flags that will prevent slab merging > */ > @@ -448,6 +453,31 @@ static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work) > } > } > > +static void > +slab_caches_defer_destroy_workfn(struct work_struct *work) > +{ > + struct kmem_cache *s, *s2; > + > + mutex_lock(&slab_mutex); > + list_for_each_entry_safe(s, s2, &slab_caches_defer_destroy, list) { > + if (__kmem_cache_empty(s)) { > + /* free asan quarantined objects */ > + kasan_cache_shutdown(s); > + (void) __kmem_cache_shutdown(s); > + > + list_del(&s->list); > + > + debugfs_slab_release(s); > + kfence_shutdown_cache(s); > + kmem_cache_release(s); > + } My guess is that there would want to be a splat if the slab stuck around for too long, but maybe that should instead be handled elsewhere or in some other way? I must defer to you guys on that one. Thanx, Paul > + } > + mutex_unlock(&slab_mutex); > + > + if (!list_empty(&slab_caches_defer_destroy)) > + schedule_delayed_work(&slab_caches_defer_destroy_work, HZ); > +} > + > static int shutdown_cache(struct kmem_cache *s) > { > /* free asan quarantined objects */ > @@ -493,6 +523,13 @@ void kmem_cache_destroy(struct kmem_cache *s) > if (s->refcount) > goto out_unlock; > > + /* Should a destroy process be deferred? */ > + if (s->flags & SLAB_DEFER_DESTROY) { > + list_move_tail(&s->list, &slab_caches_defer_destroy); > + schedule_delayed_work(&slab_caches_defer_destroy_work, HZ); > + goto out_unlock; > + } > + > err = shutdown_cache(s); > WARN(err, "%s %s: Slab cache still has objects when called from %pS", > __func__, s->name, (void *)_RET_IP_); > From urezki at gmail.com Fri Jun 14 14:50:45 2024 From: urezki at gmail.com (Uladzislau Rezki) Date: Fri, 14 Jun 2024 16:50:45 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <80e03b02-7e24-4342-af0b-ba5117b19828@paulmck-laptop> <7efde25f-6af5-4a67-abea-b26732a8aca1@paulmck-laptop> Message-ID: On Fri, Jun 14, 2024 at 07:17:29AM -0700, Paul E. McKenney wrote: > On Fri, Jun 14, 2024 at 02:35:33PM +0200, Uladzislau Rezki wrote: > > On Thu, Jun 13, 2024 at 11:13:52AM -0700, Paul E. McKenney wrote: > > > On Thu, Jun 13, 2024 at 07:58:17PM +0200, Uladzislau Rezki wrote: > > > > On Thu, Jun 13, 2024 at 10:45:59AM -0700, Paul E. 
McKenney wrote: > > > > > On Thu, Jun 13, 2024 at 07:38:59PM +0200, Uladzislau Rezki wrote: > > > > > > On Thu, Jun 13, 2024 at 08:06:30AM -0700, Paul E. McKenney wrote: > > > > > > > On Thu, Jun 13, 2024 at 03:06:54PM +0200, Uladzislau Rezki wrote: > > > > > > > > On Thu, Jun 13, 2024 at 05:47:08AM -0700, Paul E. McKenney wrote: > > > > > > > > > On Thu, Jun 13, 2024 at 01:58:59PM +0200, Jason A. Donenfeld wrote: > > > > > > > > > > On Wed, Jun 12, 2024 at 03:37:55PM -0700, Paul E. McKenney wrote: > > > > > > > > > > > On Wed, Jun 12, 2024 at 02:33:05PM -0700, Jakub Kicinski wrote: > > > > > > > > > > > > On Sun, 9 Jun 2024 10:27:12 +0200 Julia Lawall wrote: > > > > > > > > > > > > > Since SLOB was removed, it is not necessary to use call_rcu > > > > > > > > > > > > > when the callback only performs kmem_cache_free. Use > > > > > > > > > > > > > kfree_rcu() directly. > > > > > > > > > > > > > > > > > > > > > > > > > > The changes were done using the following Coccinelle semantic patch. > > > > > > > > > > > > > This semantic patch is designed to ignore cases where the callback > > > > > > > > > > > > > function is used in another way. > > > > > > > > > > > > > > > > > > > > > > > > How does the discussion on: > > > > > > > > > > > > [PATCH] Revert "batman-adv: prefer kfree_rcu() over call_rcu() with free-only callbacks" > > > > > > > > > > > > https://lore.kernel.org/all/20240612133357.2596-1-linus.luessing at c0d3.blue/ > > > > > > > > > > > > reflect on this series? IIUC we should hold off.. > > > > > > > > > > > > > > > > > > > > > > We do need to hold off for the ones in kernel modules (such as 07/14) > > > > > > > > > > > where the kmem_cache is destroyed during module unload. > > > > > > > > > > > > > > > > > > > > > > OK, I might as well go through them... > > > > > > > > > > > > > > > > > > > > > > [PATCH 01/14] wireguard: allowedips: replace call_rcu by kfree_rcu for simple kmem_cache_free callback > > > > > > > > > > > Needs to wait, see wg_allowedips_slab_uninit(). > > > > > > > > > > > > > > > > > > > > Also, notably, this patch needs additionally: > > > > > > > > > > > > > > > > > > > > diff --git a/drivers/net/wireguard/allowedips.c b/drivers/net/wireguard/allowedips.c > > > > > > > > > > index e4e1638fce1b..c95f6937c3f1 100644 > > > > > > > > > > --- a/drivers/net/wireguard/allowedips.c > > > > > > > > > > +++ b/drivers/net/wireguard/allowedips.c > > > > > > > > > > @@ -377,7 +377,6 @@ int __init wg_allowedips_slab_init(void) > > > > > > > > > > > > > > > > > > > > void wg_allowedips_slab_uninit(void) > > > > > > > > > > { > > > > > > > > > > - rcu_barrier(); > > > > > > > > > > kmem_cache_destroy(node_cache); > > > > > > > > > > } > > > > > > > > > > > > > > > > > > > > Once kmem_cache_destroy has been fixed to be deferrable. > > > > > > > > > > > > > > > > > > > > I assume the other patches are similar -- an rcu_barrier() can be > > > > > > > > > > removed. So some manual meddling of these might be in order. > > > > > > > > > > > > > > > > > > Assuming that the deferrable kmem_cache_destroy() is the option chosen, > > > > > > > > > agreed. 
> > > > > > > > > > > > > > > > > > > > > > > > > void kmem_cache_destroy(struct kmem_cache *s) > > > > > > > > { > > > > > > > > int err = -EBUSY; > > > > > > > > bool rcu_set; > > > > > > > > > > > > > > > > if (unlikely(!s) || !kasan_check_byte(s)) > > > > > > > > return; > > > > > > > > > > > > > > > > cpus_read_lock(); > > > > > > > > mutex_lock(&slab_mutex); > > > > > > > > > > > > > > > > rcu_set = s->flags & SLAB_TYPESAFE_BY_RCU; > > > > > > > > > > > > > > > > s->refcount--; > > > > > > > > if (s->refcount) > > > > > > > > goto out_unlock; > > > > > > > > > > > > > > > > err = shutdown_cache(s); > > > > > > > > WARN(err, "%s %s: Slab cache still has objects when called from %pS", > > > > > > > > __func__, s->name, (void *)_RET_IP_); > > > > > > > > ... > > > > > > > > cpus_read_unlock(); > > > > > > > > if (!err && !rcu_set) > > > > > > > > kmem_cache_release(s); > > > > > > > > } > > > > > > > > > > > > > > > > > > > > > > > > so we have SLAB_TYPESAFE_BY_RCU flag that defers freeing slab-pages > > > > > > > > and a cache by a grace period. Similar flag can be added, like > > > > > > > > SLAB_DESTROY_ONCE_FULLY_FREED, in this case a worker rearm itself > > > > > > > > if there are still objects which should be freed. > > > > > > > > > > > > > > > > Any thoughts here? > > > > > > > > > > > > > > Wouldn't we also need some additional code to later check for all objects > > > > > > > being freed to the slab, whether or not that code is initiated from > > > > > > > kmem_cache_destroy()? > > > > > > > > > > > > > Same away as SLAB_TYPESAFE_BY_RCU is handled from the kmem_cache_destroy() function. > > > > > > It checks that flag and if it is true and extra worker is scheduled to perform a > > > > > > deferred(instead of right away) destroy after rcu_barrier() finishes. > > > > > > > > > > Like this? > > > > > > > > > > SLAB_DESTROY_ONCE_FULLY_FREED > > > > > > > > > > Instead of adding a new kmem_cache_destroy_rcu() > > > > > or kmem_cache_destroy_wait() API member, instead add a > > > > > SLAB_DESTROY_ONCE_FULLY_FREED flag that can be passed to the > > > > > existing kmem_cache_destroy() function.? Use of this flag would > > > > > suppress any warnings that would otherwise be issued if there > > > > > was still slab memory yet to be freed, and it would also spawn > > > > > workqueues (or timers or whatever) to do any needed cleanup work. > > > > > > > > > > > > > > The flag is passed as all others during creating a cache: > > > > > > > > slab = kmem_cache_create(name, size, ..., SLAB_DESTROY_ONCE_FULLY_FREED | OTHER_FLAGS, NULL); > > > > > > > > the rest description is correct to me. > > > > > > Good catch, fixed, thank you! > > > > > And here we go with prototype(untested): > > Thank you for putting this together! It looks way simpler than I would > have guessed, and quite a bit simpler than I would expect it would be > to extend rcu_barrier() to cover kfree_rcu(). > Yep, it should be pretty pretty straightforward. The slab mechanism does not have a functionality when it comes to defer of destroying, i.e. it is not allowed to destroy non-fully-freed-slab: void kmem_cache_destroy(struct kmem_cache *s) { ... err = shutdown_cache(s); WARN(err, "%s %s: Slab cache still has objects when called from %pS", __func__, s->name, (void *)_RET_IP_); ... So, this patch extends it. 
> > > > +static void > > +slab_caches_defer_destroy_workfn(struct work_struct *work) > > +{ > > + struct kmem_cache *s, *s2; > > + > > + mutex_lock(&slab_mutex); > > + list_for_each_entry_safe(s, s2, &slab_caches_defer_destroy, list) { > > + if (__kmem_cache_empty(s)) { > > + /* free asan quarantined objects */ > > + kasan_cache_shutdown(s); > > + (void) __kmem_cache_shutdown(s); > > + > > + list_del(&s->list); > > + > > + debugfs_slab_release(s); > > + kfence_shutdown_cache(s); > > + kmem_cache_release(s); > > + } > > My guess is that there would want to be a splat if the slab stuck around > for too long, but maybe that should instead be handled elsewhere or in > some other way? I must defer to you guys on that one. > Probably yes. -- Uladzislau Rezki From Jason at zx2c4.com Fri Jun 14 19:33:45 2024 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Fri, 14 Jun 2024 21:33:45 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <80e03b02-7e24-4342-af0b-ba5117b19828@paulmck-laptop> <7efde25f-6af5-4a67-abea-b26732a8aca1@paulmck-laptop> Message-ID: On Fri, Jun 14, 2024 at 02:35:33PM +0200, Uladzislau Rezki wrote: > + /* Should a destroy process be deferred? */ > + if (s->flags & SLAB_DEFER_DESTROY) { > + list_move_tail(&s->list, &slab_caches_defer_destroy); > + schedule_delayed_work(&slab_caches_defer_destroy_work, HZ); > + goto out_unlock; > + } Wouldn't it be smoother to have the actual kmem_cache_free() function check to see if it's been marked for destruction and the refcount is zero, rather than polling every one second? I mentioned this approach in: https://lore.kernel.org/all/Zmo9-YGraiCj5-MI at zx2c4.com/ - I wonder if the right fix to this would be adding a `should_destroy` boolean to kmem_cache, which kmem_cache_destroy() sets to true. And then right after it checks `if (number_of_allocations == 0) actually_destroy()`, and likewise on each kmem_cache_free(), it could check `if (should_destroy && number_of_allocations == 0) actually_destroy()`. Jason From max.schulze at online.de Sun Jun 16 13:47:38 2024 From: max.schulze at online.de (Max Schulze) Date: Sun, 16 Jun 2024 15:47:38 +0200 Subject: Mini PCIE HW accelerator for ChaCha20 In-Reply-To: References: Message-ID: <78a56a8e-59d2-4948-a761-f1f1b3a6b26a@online.de> Hi, On 12.06.24 16:11, Germano Massullo wrote: > Hello, I would like to ask if you are aware of any mini PCI express > card that provides hardware acceleration for ChaCha20 algorithm. I > would need it to improve Turris Omnia Wireguard throughput why do you think this is the bottleneck and at what speed are you hitting a limit? Curious, as I always found wg performance to be excellent, even on ARM. From germano.massullo at gmail.com Sun Jun 16 14:59:34 2024 From: germano.massullo at gmail.com (Germano Massullo) Date: Sun, 16 Jun 2024 16:59:34 +0200 Subject: Mini PCIE HW accelerator for ChaCha20 In-Reply-To: <78a56a8e-59d2-4948-a761-f1f1b3a6b26a@online.de> References: <78a56a8e-59d2-4948-a761-f1f1b3a6b26a@online.de> Message-ID: <93a15ab0-1cfc-4b39-97fe-64712eafb278@gmail.com> Il 16/06/24 15:47, Max Schulze ha scritto: > why do you think this is the bottleneck and at what speed are you hitting a limit? 
I get ~550 Mbit/s throughput in LAN between a Ryzen 5 3600 and the Turris Omnia, whose CPU goes to 100% load during the iperf3 test From max.schulze at online.de Sun Jun 16 19:00:37 2024 From: max.schulze at online.de (Max Schulze) Date: Sun, 16 Jun 2024 21:00:37 +0200 Subject: Mini PCIE HW accelerator for ChaCha20 In-Reply-To: <93a15ab0-1cfc-4b39-97fe-64712eafb278@gmail.com> References: <78a56a8e-59d2-4948-a761-f1f1b3a6b26a@online.de> <93a15ab0-1cfc-4b39-97fe-64712eafb278@gmail.com> Message-ID: On 16.06.24 16:59, Germano Massullo wrote: > Il 16/06/24 15:47, Max Schulze ha scritto: >> why do you think this is the bottleneck and at what speed are you hitting a limit? > > I get ~550 Mbit/s throughput in LAN between a Ryzen 5 3600 and the Turris Omnia, whose CPU goes to 100% load during the iperf3 test Ok then I think you really max out the cpu. I have not heard of any acceleration card. Overall I think it's not too bad. Some notes: Per [1], my stock Raspberry Pi 4 B (BCM2711, quad-core) has roughly 1.5x the cpu-power of the dual-core Marvell Armada 385. Are you running iperf3 with --bidir? I get: > - - - - - - - - - - - - - - - - - - - - - - - - - > [ ID][Role] Interval Transfer Bitrate Retr > [ 5][TX-C] 0.00-120.00 sec 10.4 GBytes 744 Mbits/sec 1839 sender > [ 5][TX-C] 0.00-120.00 sec 10.4 GBytes 744 Mbits/sec receiver > [ 7][RX-C] 0.00-120.00 sec 9.08 GBytes 650 Mbits/sec 151 sender > [ 7][RX-C] 0.00-120.00 sec 9.08 GBytes 650 Mbits/sec receiver Keep in mind that iperf3 itself uses some cpu. You could test serving a static file and transfer via http. ( ex: dd if=/dev/urandom of=/dev/shm/test.rand bs=1M count=300 and serve with [2], and download with "wget -O /dev/null [...]" ) I get 848 Mbit/s when downloading to the pi and 728 Mbit/s when downloading from it (everything via wireguard). [1] https://github.com/ThomasKaiser/sbc-bench/blob/master/Results.md [2] https://github.com/svenstaro/miniserve From germano.massullo at gmail.com Mon Jun 17 09:21:15 2024 From: germano.massullo at gmail.com (Germano Massullo) Date: Mon, 17 Jun 2024 11:21:15 +0200 Subject: Mini PCIE HW accelerator for ChaCha20 In-Reply-To: References: <78a56a8e-59d2-4948-a761-f1f1b3a6b26a@online.de> <93a15ab0-1cfc-4b39-97fe-64712eafb278@gmail.com> Message-ID: Il 16/06/24 21:00, Max Schulze ha scritto: > Ok then I think you really max out the cpu. I have not heard of any acceleration card. Overall I think it's not too bad. The problem is that it is far below my internet connection capabilities (1 Gbit/s upload) > Are you running iperf3 with --bidir? Such a flag halves the throughput: I am getting ~280 Mbit/s compared to the previous value I got by using iperf3 -c 10.0.50.1 -P 4 -Z bbr (using the Ryzen as client) > Keep in mind that iperf3 itself uses some cpu. > You could test serving a static file and transfer via http. The iperf3 CPU usage is not so high; it wouldn't change much to use the http transfer From a at unstable.cc Mon Jun 17 09:45:46 2024 From: a at unstable.cc (Antonio Quartulli) Date: Mon, 17 Jun 2024 11:45:46 +0200 Subject: Mini PCIE HW accelerator for ChaCha20 In-Reply-To: References: <78a56a8e-59d2-4948-a761-f1f1b3a6b26a@online.de> <93a15ab0-1cfc-4b39-97fe-64712eafb278@gmail.com> Message-ID: On 17/06/2024 11:21, Germano Massullo wrote: > Il 16/06/24 21:00, Max Schulze ha scritto: >> Ok then I think you really max out the cpu. I have not heard of any >> acceleration card. Overall I think it's not too bad.
> > The problem is that it is far below my internet connection capabilities (1 > Gbit/s upload) > >> Are you running iperf3 with --bidir? > > Such a flag halves the throughput: I am getting ~280 Mbit/s compared to > the previous value I got by using > iperf3 -c 10.0.50.1 -P 4 -Z bbr > (using the Ryzen as client) >> Keep in mind that iperf3 itself uses some cpu. >> You could test serving a static file and transfer via http. > > The iperf3 CPU usage is not so high; it wouldn't change much to use the > http transfer Have you tried running the test between a client behind the omnia turris and the wg server? I am asking because such embedded devices are not necessarily fast in generating the traffic that iperf requires, therefore using a different client may give you a better estimate. Regards, -- Antonio Quartulli From germano.massullo at gmail.com Mon Jun 17 11:08:15 2024 From: germano.massullo at gmail.com (Germano Massullo) Date: Mon, 17 Jun 2024 13:08:15 +0200 Subject: Mini PCIE HW accelerator for ChaCha20 In-Reply-To: References: <78a56a8e-59d2-4948-a761-f1f1b3a6b26a@online.de> <93a15ab0-1cfc-4b39-97fe-64712eafb278@gmail.com> Message-ID: Il 17/06/24 11:45, Antonio Quartulli ha scritto: > Have you tried running the test between a client behind the omnia > turris and the wg server? Do you mean a configuration where the Turris Omnia is not acting as Wireguard peer/gateway? I could do it but I prefer not to From a at unstable.cc Mon Jun 17 11:42:50 2024 From: a at unstable.cc (Antonio Quartulli) Date: Mon, 17 Jun 2024 13:42:50 +0200 Subject: Mini PCIE HW accelerator for ChaCha20 In-Reply-To: References: <78a56a8e-59d2-4948-a761-f1f1b3a6b26a@online.de> <93a15ab0-1cfc-4b39-97fe-64712eafb278@gmail.com> Message-ID: <8f366adc-89a5-4b81-9a4f-8bcb1d08aad3@unstable.cc> Hi, On 17/06/2024 13:08, Germano Massullo wrote: > Il 17/06/24 11:45, Antonio Quartulli ha scritto: >> Have you tried running the test between a client behind the omnia >> turris and the wg server? > > Do you mean a configuration where the Turris Omnia is not acting as > Wireguard peer/gateway? I could do it but I prefer not to No no.
Sorry I might have used the wrong words. > > Basically you should keep the wg setup as it is, but instead of > running the iperf client on the turris, you run it on another host > that uses the turris as gateway (as if the turris was the gateway of a > LAN). > > This way the tunnel is still established between the turris and the > server (which is what you want to test), but you move the traffic > generation to a different host (which is most likely what you will > have in a real scenario). > > I hope I clarified your doubt. > > Regards, > > Got it. That configuration will not improve the throughput, because the reason why I started this benchmark is finding out the bottleneck in my configuration, which is very similar to the one you described From rm at romanrm.net Mon Jun 17 12:41:59 2024 From: rm at romanrm.net (Roman Mamedov) Date: Mon, 17 Jun 2024 17:41:59 +0500 Subject: Mini PCIE HW accelerator for ChaCha20 In-Reply-To: <4940a8fd-6e87-49a4-83e0-8daa69e7a68f@gmail.com> References: <78a56a8e-59d2-4948-a761-f1f1b3a6b26a@online.de> <93a15ab0-1cfc-4b39-97fe-64712eafb278@gmail.com> <8f366adc-89a5-4b81-9a4f-8bcb1d08aad3@unstable.cc> <4940a8fd-6e87-49a4-83e0-8daa69e7a68f@gmail.com> Message-ID: <20240617174159.46b69d3b@nvm> On Mon, 17 Jun 2024 14:32:19 +0200 Germano Massullo wrote: > Got it. That configuration will not improve the throughput, because the > reason why I started this benchmark is finding out the bottleneck in my > configuration, which is very similar to the one you described The point is that iperf itself is using a huge amount of CPU. You can run your test and launch "top" in another SSH window. In my experience, for slow CPUs during such tests the CPU use may be something like 60% iperf. If your typical scenario is the router just forwarding packets between networks and into the WG tunnel, and not providing any network services itself (such as Samba), testing with iperf launched on the router will not be representative of the real-world usage bottleneck or lack thereof. -- With respect, Roman From urezki at gmail.com Mon Jun 17 13:50:56 2024 From: urezki at gmail.com (Uladzislau Rezki) Date: Mon, 17 Jun 2024 15:50:56 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <80e03b02-7e24-4342-af0b-ba5117b19828@paulmck-laptop> <7efde25f-6af5-4a67-abea-b26732a8aca1@paulmck-laptop> Message-ID: On Fri, Jun 14, 2024 at 09:33:45PM +0200, Jason A. Donenfeld wrote: > On Fri, Jun 14, 2024 at 02:35:33PM +0200, Uladzislau Rezki wrote: > > + /* Should a destroy process be deferred? */ > > + if (s->flags & SLAB_DEFER_DESTROY) { > > + list_move_tail(&s->list, &slab_caches_defer_destroy); > > + schedule_delayed_work(&slab_caches_defer_destroy_work, HZ); > > + goto out_unlock; > > + } > > Wouldn't it be smoother to have the actual kmem_cache_free() function > check to see if it's been marked for destruction and the refcount is > zero, rather than polling every one second? I mentioned this approach > in: https://lore.kernel.org/all/Zmo9-YGraiCj5-MI at zx2c4.com/ - > > I wonder if the right fix to this would be adding a `should_destroy` > boolean to kmem_cache, which kmem_cache_destroy() sets to true. And > then right after it checks `if (number_of_allocations == 0) > actually_destroy()`, and likewise on each kmem_cache_free(), it > could check `if (should_destroy && number_of_allocations == 0) > actually_destroy()`. > I do not find polling a bad way to go. But your proposal sounds reasonable to me also. We can combine both "prototypes" into one and offer it.
Can you post a prototype here? Thanks! -- Uladzislau Rezki From germano.massullo at gmail.com Mon Jun 17 14:31:49 2024 From: germano.massullo at gmail.com (Germano Massullo) Date: Mon, 17 Jun 2024 16:31:49 +0200 Subject: Mini PCIE HW accelerator for ChaCha20 In-Reply-To: <20240617174159.46b69d3b@nvm> References: <78a56a8e-59d2-4948-a761-f1f1b3a6b26a@online.de> <93a15ab0-1cfc-4b39-97fe-64712eafb278@gmail.com> <8f366adc-89a5-4b81-9a4f-8bcb1d08aad3@unstable.cc> <4940a8fd-6e87-49a4-83e0-8daa69e7a68f@gmail.com> <20240617174159.46b69d3b@nvm> Message-ID: <9e717774-c1cd-493f-abfd-fcf3d75eec8d@gmail.com> After having checked that iperf3 was indeed consuming a lot of a CPU core on the Turris Omnia, I modified the Wireguard topology in order to have the router just be the Wireguard gateway between two LAN computers ( [A] <--wireguard--> [C] <--wireguard--> [B] ), and I have run iperf3 between such computers: iperf3 -c x.x.x.x -P 4 -Z bbr and the throughput was ~320 Mbit/s. Considering that the router had to handle two Wireguard tunnels, one could guess (without any claim of accuracy, due to the lack of more accurate tests) that the maximum Wireguard throughput that such a router can handle is ~2x 320 Mbit/s = ~640 Mbit/s [A]: Ryzen 5 3600 - kernel 5.14.0-427.18.1.el9_4.x86_64 [B]: Ryzen 7 PRO 6850U - kernel 6.8.11-300.fc40.x86_64 [C]: Turris Omnia - TurrisOS 7.0.0, kernel 5.15.148 From vbabka at suse.cz Mon Jun 17 14:37:20 2024 From: vbabka at suse.cz (Vlastimil Babka) Date: Mon, 17 Jun 2024 16:37:20 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <80e03b02-7e24-4342-af0b-ba5117b19828@paulmck-laptop> <7efde25f-6af5-4a67-abea-b26732a8aca1@paulmck-laptop> Message-ID: <324c25c9-fe86-4d82-b4e2-5f3ad76031c7@suse.cz> On 6/14/24 9:33 PM, Jason A. Donenfeld wrote: > On Fri, Jun 14, 2024 at 02:35:33PM +0200, Uladzislau Rezki wrote: >> + /* Should a destroy process be deferred? */ >> + if (s->flags & SLAB_DEFER_DESTROY) { >> + list_move_tail(&s->list, &slab_caches_defer_destroy); >> + schedule_delayed_work(&slab_caches_defer_destroy_work, HZ); >> + goto out_unlock; >> + } > > Wouldn't it be smoother to have the actual kmem_cache_free() function > check to see if it's been marked for destruction and the refcount is > zero, rather than polling every one second? I mentioned this approach > in: https://lore.kernel.org/all/Zmo9-YGraiCj5-MI at zx2c4.com/ - > > I wonder if the right fix to this would be adding a `should_destroy` > boolean to kmem_cache, which kmem_cache_destroy() sets to true. And > then right after it checks `if (number_of_allocations == 0) > actually_destroy()`, and likewise on each kmem_cache_free(), it > could check `if (should_destroy && number_of_allocations == 0) > actually_destroy()`. I would prefer not to affect the performance of kmem_cache_free() by doing such checks, if possible. Ideally we'd have a way to wait/poll for the kfree_rcu() "grace period" expiring even with the batching that's implemented there. Even if it's pessimistically long to avoid affecting kfree_rcu() performance. The goal here is just to print the warnings if there was a leak and the precise timing of them shouldn't matter. The owning module could be already unloaded at that point? I guess only a kunit test could want to be synchronous and then it could just ask for kmem_cache_free() to wait synchronously. > Jason From Jason at zx2c4.com Mon Jun 17 14:56:17 2024 From: Jason at zx2c4.com (Jason A.
Donenfeld) Date: Mon, 17 Jun 2024 16:56:17 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <80e03b02-7e24-4342-af0b-ba5117b19828@paulmck-laptop> <7efde25f-6af5-4a67-abea-b26732a8aca1@paulmck-laptop> Message-ID: On Mon, Jun 17, 2024 at 03:50:56PM +0200, Uladzislau Rezki wrote: > On Fri, Jun 14, 2024 at 09:33:45PM +0200, Jason A. Donenfeld wrote: > > On Fri, Jun 14, 2024 at 02:35:33PM +0200, Uladzislau Rezki wrote: > > > + /* Should a destroy process be deferred? */ > > > + if (s->flags & SLAB_DEFER_DESTROY) { > > > + list_move_tail(&s->list, &slab_caches_defer_destroy); > > > + schedule_delayed_work(&slab_caches_defer_destroy_work, HZ); > > > + goto out_unlock; > > > + } > > > > Wouldn't it be smoother to have the actual kmem_cache_free() function > > check to see if it's been marked for destruction and the refcount is > > zero, rather than polling every one second? I mentioned this approach > > in: https://lore.kernel.org/all/Zmo9-YGraiCj5-MI at zx2c4.com/ - > > > > I wonder if the right fix to this would be adding a `should_destroy` > > boolean to kmem_cache, which kmem_cache_destroy() sets to true. And > > then right after it checks `if (number_of_allocations == 0) > > actually_destroy()`, and likewise on each kmem_cache_free(), it > > could check `if (should_destroy && number_of_allocations == 0) > > actually_destroy()`. > > > I do not find pooling as bad way we can go with. But your proposal > sounds reasonable to me also. We can combine both "prototypes" to > one and offer. > > Can you post a prototype here? This is untested, but the simplest, shortest possible version would be: diff --git a/mm/slab.h b/mm/slab.h index 5f8f47c5bee0..907c0ea56c01 100644 --- a/mm/slab.h +++ b/mm/slab.h @@ -275,6 +275,7 @@ struct kmem_cache { unsigned int inuse; /* Offset to metadata */ unsigned int align; /* Alignment */ unsigned int red_left_pad; /* Left redzone padding size */ + bool is_destroyed; /* Destruction happens when no objects */ const char *name; /* Name (only for display!) 
*/ struct list_head list; /* List of slab caches */ #ifdef CONFIG_SYSFS diff --git a/mm/slab_common.c b/mm/slab_common.c index 1560a1546bb1..f700bed066d9 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -494,8 +494,8 @@ void kmem_cache_destroy(struct kmem_cache *s) goto out_unlock; err = shutdown_cache(s); - WARN(err, "%s %s: Slab cache still has objects when called from %pS", - __func__, s->name, (void *)_RET_IP_); + if (err) + s->is_destroyed = true; out_unlock: mutex_unlock(&slab_mutex); cpus_read_unlock(); diff --git a/mm/slub.c b/mm/slub.c index 1373ac365a46..7db8fe90a323 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -4510,6 +4510,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x) return; trace_kmem_cache_free(_RET_IP_, x, s); slab_free(s, virt_to_slab(x), x, _RET_IP_); + if (s->is_destroyed) + kmem_cache_destroy(s); } EXPORT_SYMBOL(kmem_cache_free); @@ -5342,9 +5344,6 @@ static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n) if (!slab->inuse) { remove_partial(n, slab); list_add(&slab->slab_list, &discard); - } else { - list_slab_objects(s, slab, - "Objects remaining in %s on __kmem_cache_shutdown()"); } } spin_unlock_irq(&n->list_lock); From vbabka at suse.cz Mon Jun 17 15:10:50 2024 From: vbabka at suse.cz (Vlastimil Babka) Date: Mon, 17 Jun 2024 17:10:50 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org> <08ee7eb2-8d08-4f1f-9c46-495a544b8c0e@paulmck-laptop> Message-ID: On 6/13/24 2:22 PM, Jason A. Donenfeld wrote: > On Wed, Jun 12, 2024 at 08:38:02PM -0700, Paul E. McKenney wrote: >> o Make the current kmem_cache_destroy() asynchronously wait for >> all memory to be returned, then complete the destruction. >> (This gets rid of a valuable debugging technique because >> in normal use, it is a bug to attempt to destroy a kmem_cache >> that has objects still allocated.) This seems like the best option to me. As Jason already said, the debugging technique is not affected significantly, if the warning just occurs asynchronously later. The module can be already unloaded at that point, as the leak is never checked programatically anyway to control further execution, it's just a splat in dmesg. > Specifically what I mean is that we can still claim a memory leak has > occurred if one batched kfree_rcu freeing grace period has elapsed since > the last call to kmem_cache_destroy_rcu_wait/barrier() or > kmem_cache_destroy_rcu(). In that case, you quit blocking, or you quit > asynchronously waiting, and then you splat about a memleak like we have > now. Yes so we'd need the kmem_cache_free_barrier() for a slab kunit test (or the pessimistic variant waiting for the 21 seconds), and a polling variant of the same thing for the asynchronous destruction. Or we don't need a polling variant if it's ok to invoke such a barrier in a schedule_work() workfn. We should not need any new kmem_cache flag nor kmem_cache_destroy() flag to burden the users of kfree_rcu() with. We have __kmem_cache_shutdown() that will try to flush everything immediately and if it doesn't succeed, we can assume kfree_rcu() might be in flight and try to wait for it asynchronously, without any flags. SLAB_TYPESAFE_BY_RCU is still handled specially because it has special semantics as well. 
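To sketch what I mean (untested, hypothetical names, and hand-waving the locking and the exact wait primitive):

static void kmem_cache_async_destroy_workfn(struct work_struct *work)
{
	struct kmem_cache *s =
		container_of(work, struct kmem_cache, async_destroy_work);

	/*
	 * Wait for pending kfree_rcu() batches to finish; a plain
	 * rcu_barrier() is only a stand-in here, since it does not
	 * cover the kfree_rcu() batching.
	 */
	rcu_barrier();

	/* Retry the flush; only warn if objects really leaked. */
	if (__kmem_cache_shutdown(s) != 0)
		WARN(1, "kmem_cache_destroy %s: Slab cache still has objects",
		     s->name);
}

void kmem_cache_destroy(struct kmem_cache *s)
{
	...
	if (__kmem_cache_shutdown(s) != 0) {
		/* assume kfree_rcu() in flight, finish asynchronously */
		schedule_work(&s->async_destroy_work);
		goto out_unlock;
	}
	...
}

That way kmem_cache_destroy() stays synchronous in the common empty-cache case and only the pending/leaky case goes through the workqueue.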
As for users of call_rcu() with arbitrary callbacks that might be functions from the module that is about to unload, these should not return from kmem_cache_destroy() with objects in flight. But those should be using rcu_barrier() before calling kmem_cache_destroy() already, and probably we should not try to handle this automagically? Maybe one potential change with the described approach is that today they would get the "cache not empty" warning immediately. But that wouldn't stop the module unload so later the callbacks would try to execute unmapped code anyway. With the new approach the asynchronous handling might delay the "cache not empty" warnings (or not, if kmem_cache_free_barrier() would finish before a rcu_barrier() would) so the unmapped code execution would come first. I don't think that would be a regression. From paulmck at kernel.org Mon Jun 17 16:12:28 2024 From: paulmck at kernel.org (Paul E. McKenney) Date: Mon, 17 Jun 2024 09:12:28 -0700 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org> <08ee7eb2-8d08-4f1f-9c46-495a544b8c0e@paulmck-laptop> Message-ID: <3b6fe525-626c-41fb-8625-3925ca820d8e@paulmck-laptop> On Mon, Jun 17, 2024 at 05:10:50PM +0200, Vlastimil Babka wrote: > On 6/13/24 2:22 PM, Jason A. Donenfeld wrote: > > On Wed, Jun 12, 2024 at 08:38:02PM -0700, Paul E. McKenney wrote: > >> o Make the current kmem_cache_destroy() asynchronously wait for > >> all memory to be returned, then complete the destruction. > >> (This gets rid of a valuable debugging technique because > >> in normal use, it is a bug to attempt to destroy a kmem_cache > >> that has objects still allocated.) > > This seems like the best option to me. As Jason already said, the debugging > technique is not affected significantly, if the warning just occurs > asynchronously later. The module can be already unloaded at that point, as > the leak is never checked programatically anyway to control further > execution, it's just a splat in dmesg. Works for me! > > Specifically what I mean is that we can still claim a memory leak has > > occurred if one batched kfree_rcu freeing grace period has elapsed since > > the last call to kmem_cache_destroy_rcu_wait/barrier() or > > kmem_cache_destroy_rcu(). In that case, you quit blocking, or you quit > > asynchronously waiting, and then you splat about a memleak like we have > > now. > > Yes so we'd need the kmem_cache_free_barrier() for a slab kunit test (or the > pessimistic variant waiting for the 21 seconds), and a polling variant of > the same thing for the asynchronous destruction. Or we don't need a polling > variant if it's ok to invoke such a barrier in a schedule_work() workfn. > > We should not need any new kmem_cache flag nor kmem_cache_destroy() flag to > burden the users of kfree_rcu() with. We have __kmem_cache_shutdown() that > will try to flush everything immediately and if it doesn't succeed, we can > assume kfree_rcu() might be in flight and try to wait for it asynchronously, > without any flags. That does sound like a very attractive approach. > SLAB_TYPESAFE_BY_RCU is still handled specially because it has special > semantics as well. > > As for users of call_rcu() with arbitrary callbacks that might be functions > from the module that is about to unload, these should not return from > kmem_cache_destroy() with objects in flight. 
But those should be using > rcu_barrier() before calling kmem_cache_destroy() already, and probably we > should not try to handle this automagically? Maybe one potential change with > the described approach is that today they would get the "cache not empty" > warning immediately. But that wouldn't stop the module unload so later the > callbacks would try to execute unmapped code anyway. With the new approach > the asynchronous handling might delay the "cache not empty" warnings (or > not, if kmem_cache_free_barrier() would finish before a rcu_barrier() would) > so the unmapped code execution would come first. I don't think that would be > a regression. Agreed. There are some use cases where a call_rcu() from a module without an rcu_barrier() would be OK, for example, if the callback function was defined in the core kernel and either: (1) The memory was from kmalloc() or (2) The memory was from kmem_cache_alloc() and your suggested changes above have been applied. My current belief is that these are too special of cases to be worth optimizing for, so that the rule should remain "If you use call_rcu() in a module, you must call rcu_barrier() within the module-unload code." There have been discussions of having module-unload automatically invoke rcu_barrier() if needed, but thus far we have not come up with a good way to do this. Challenges include things like static inline functions from the core kernel invoking call_rcu(), in which case how to figure out that the rcu_barrier() is not needed? Thanx, Paul From urezki at gmail.com Mon Jun 17 16:30:53 2024 From: urezki at gmail.com (Uladzislau Rezki) Date: Mon, 17 Jun 2024 18:30:53 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <7efde25f-6af5-4a67-abea-b26732a8aca1@paulmck-laptop> Message-ID: On Mon, Jun 17, 2024 at 04:56:17PM +0200, Jason A. Donenfeld wrote: > On Mon, Jun 17, 2024 at 03:50:56PM +0200, Uladzislau Rezki wrote: > > On Fri, Jun 14, 2024 at 09:33:45PM +0200, Jason A. Donenfeld wrote: > > > On Fri, Jun 14, 2024 at 02:35:33PM +0200, Uladzislau Rezki wrote: > > > > + /* Should a destroy process be deferred? */ > > > > + if (s->flags & SLAB_DEFER_DESTROY) { > > > > + list_move_tail(&s->list, &slab_caches_defer_destroy); > > > > + schedule_delayed_work(&slab_caches_defer_destroy_work, HZ); > > > > + goto out_unlock; > > > > + } > > > > > > Wouldn't it be smoother to have the actual kmem_cache_free() function > > > check to see if it's been marked for destruction and the refcount is > > > zero, rather than polling every one second? I mentioned this approach > > > in: https://lore.kernel.org/all/Zmo9-YGraiCj5-MI at zx2c4.com/ - > > > > > > I wonder if the right fix to this would be adding a `should_destroy` > > > boolean to kmem_cache, which kmem_cache_destroy() sets to true. And > > > then right after it checks `if (number_of_allocations == 0) > > > actually_destroy()`, and likewise on each kmem_cache_free(), it > > > could check `if (should_destroy && number_of_allocations == 0) > > > actually_destroy()`. > > > > > I do not find pooling as bad way we can go with. But your proposal > > sounds reasonable to me also. We can combine both "prototypes" to > > one and offer. > > > > Can you post a prototype here? 
> > This is untested, but the simplest, shortest possible version would be: > > diff --git a/mm/slab.h b/mm/slab.h > index 5f8f47c5bee0..907c0ea56c01 100644 > --- a/mm/slab.h > +++ b/mm/slab.h > @@ -275,6 +275,7 @@ struct kmem_cache { > unsigned int inuse; /* Offset to metadata */ > unsigned int align; /* Alignment */ > unsigned int red_left_pad; /* Left redzone padding size */ > + bool is_destroyed; /* Destruction happens when no objects */ > const char *name; /* Name (only for display!) */ > struct list_head list; /* List of slab caches */ > #ifdef CONFIG_SYSFS > diff --git a/mm/slab_common.c b/mm/slab_common.c > index 1560a1546bb1..f700bed066d9 100644 > --- a/mm/slab_common.c > +++ b/mm/slab_common.c > @@ -494,8 +494,8 @@ void kmem_cache_destroy(struct kmem_cache *s) > goto out_unlock; > > err = shutdown_cache(s); > - WARN(err, "%s %s: Slab cache still has objects when called from %pS", > - __func__, s->name, (void *)_RET_IP_); > + if (err) > + s->is_destroyed = true; > Here, if "err" is less than "0", it means there are still objects, whereas "is_destroyed" is set to "true", which is not consistent with the comment: "Destruction happens when no objects" > out_unlock: > mutex_unlock(&slab_mutex); > cpus_read_unlock(); > diff --git a/mm/slub.c b/mm/slub.c > index 1373ac365a46..7db8fe90a323 100644 > --- a/mm/slub.c > +++ b/mm/slub.c > @@ -4510,6 +4510,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x) > return; > trace_kmem_cache_free(_RET_IP_, x, s); > slab_free(s, virt_to_slab(x), x, _RET_IP_); > + if (s->is_destroyed) > + kmem_cache_destroy(s); > } > EXPORT_SYMBOL(kmem_cache_free); > > @@ -5342,9 +5344,6 @@ static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n) > if (!slab->inuse) { > remove_partial(n, slab); > list_add(&slab->slab_list, &discard); > - } else { > - list_slab_objects(s, slab, > - "Objects remaining in %s on __kmem_cache_shutdown()"); > } > } > spin_unlock_irq(&n->list_lock); > Anyway it looks like it was not welcome to do it in the kmem_cache_free() function due to performance reasons. -- Uladzislau Rezki From Jason at zx2c4.com Mon Jun 17 16:33:23 2024 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Mon, 17 Jun 2024 18:33:23 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <7efde25f-6af5-4a67-abea-b26732a8aca1@paulmck-laptop> Message-ID: On Mon, Jun 17, 2024 at 6:30 PM Uladzislau Rezki wrote: > Here, if "err" is less than "0", it means there are still objects > whereas "is_destroyed" is set to "true", which is not consistent > with the comment: > > "Destruction happens when no objects" The comment is just poorly written. But the logic of the code is right.
> > > out_unlock: > > mutex_unlock(&slab_mutex); > > cpus_read_unlock(); > > diff --git a/mm/slub.c b/mm/slub.c > > index 1373ac365a46..7db8fe90a323 100644 > > --- a/mm/slub.c > > +++ b/mm/slub.c > > @@ -4510,6 +4510,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x) > > return; > > trace_kmem_cache_free(_RET_IP_, x, s); > > slab_free(s, virt_to_slab(x), x, _RET_IP_); > > + if (s->is_destroyed) > > + kmem_cache_destroy(s); > > } > > EXPORT_SYMBOL(kmem_cache_free); > > > > @@ -5342,9 +5344,6 @@ static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n) > > if (!slab->inuse) { > > remove_partial(n, slab); > > list_add(&slab->slab_list, &discard); > > - } else { > > - list_slab_objects(s, slab, > > - "Objects remaining in %s on __kmem_cache_shutdown()"); > > } > > } > > spin_unlock_irq(&n->list_lock); > > > Anyway it looks like it was not welcome to do it in the kmem_cache_free() > function due to performance reason. "was not welcome" - Vlastimil mentioned *potential* performance concerns before I posted this. I suspect he might have a different view now, maybe? Vlastimil, this is just checking a boolean (which could be unlikely()'d), which should have pretty minimal overhead. Is that alright with you? Jason From vbabka at suse.cz Mon Jun 17 16:38:52 2024 From: vbabka at suse.cz (Vlastimil Babka) Date: Mon, 17 Jun 2024 18:38:52 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <7efde25f-6af5-4a67-abea-b26732a8aca1@paulmck-laptop> Message-ID: On 6/17/24 6:33 PM, Jason A. Donenfeld wrote: > On Mon, Jun 17, 2024 at 6:30?PM Uladzislau Rezki wrote: >> Here if an "err" is less then "0" means there are still objects >> whereas "is_destroyed" is set to "true" which is not correlated >> with a comment: >> >> "Destruction happens when no objects" > > The comment is just poorly written. But the logic of the code is right. > >> >> > out_unlock: >> > mutex_unlock(&slab_mutex); >> > cpus_read_unlock(); >> > diff --git a/mm/slub.c b/mm/slub.c >> > index 1373ac365a46..7db8fe90a323 100644 >> > --- a/mm/slub.c >> > +++ b/mm/slub.c >> > @@ -4510,6 +4510,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x) >> > return; >> > trace_kmem_cache_free(_RET_IP_, x, s); >> > slab_free(s, virt_to_slab(x), x, _RET_IP_); >> > + if (s->is_destroyed) >> > + kmem_cache_destroy(s); >> > } >> > EXPORT_SYMBOL(kmem_cache_free); >> > >> > @@ -5342,9 +5344,6 @@ static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n) >> > if (!slab->inuse) { >> > remove_partial(n, slab); >> > list_add(&slab->slab_list, &discard); >> > - } else { >> > - list_slab_objects(s, slab, >> > - "Objects remaining in %s on __kmem_cache_shutdown()"); >> > } >> > } >> > spin_unlock_irq(&n->list_lock); >> > >> Anyway it looks like it was not welcome to do it in the kmem_cache_free() >> function due to performance reason. > > "was not welcome" - Vlastimil mentioned *potential* performance > concerns before I posted this. I suspect he might have a different > view now, maybe? > > Vlastimil, this is just checking a boolean (which could be > unlikely()'d), which should have pretty minimal overhead. Is that > alright with you? Well I doubt we can just set and check it without any barriers? The completion of the last pending kfree_rcu() might race with kmem_cache_destroy() in a way that will leave the cache there forever, no? And once we add barriers it becomes a perf issue? 
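To illustrate with a hypothetical atomic object count (say s->objects; the real counters are per-cpu/per-node, which only makes it worse), the two sides would need something like:

	/* kmem_cache_destroy() side */
	WRITE_ONCE(s->is_destroyed, true);
	smp_mb();		/* order flag store before count read */
	if (atomic_read(&s->objects) == 0)
		actually_destroy(s);

	/* kmem_cache_free() side, after freeing the object */
	atomic_dec(&s->objects);
	smp_mb__after_atomic();	/* order count update before flag read */
	if (READ_ONCE(s->is_destroyed) && atomic_read(&s->objects) == 0)
		actually_destroy(s);

Without the two barriers each side can miss the other's store and nobody destroys the cache; with them, both sides can observe the condition true at once, so actually_destroy() would additionally need an atomic test-and-set to pick a single winner. And all of that would sit in the kmem_cache_free() fast path.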
> Jason From urezki at gmail.com Mon Jun 17 16:42:23 2024 From: urezki at gmail.com (Uladzislau Rezki) Date: Mon, 17 Jun 2024 18:42:23 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: Message-ID: On Mon, Jun 17, 2024 at 06:33:23PM +0200, Jason A. Donenfeld wrote: > On Mon, Jun 17, 2024 at 6:30 PM Uladzislau Rezki wrote: > > Here, if "err" is less than "0", it means there are still objects > > whereas "is_destroyed" is set to "true", which is not consistent > > with the comment: > > > > "Destruction happens when no objects" > > The comment is just poorly written. But the logic of the code is right. > OK. > > > > > out_unlock: > > > mutex_unlock(&slab_mutex); > > > cpus_read_unlock(); > > > diff --git a/mm/slub.c b/mm/slub.c > > > index 1373ac365a46..7db8fe90a323 100644 > > > --- a/mm/slub.c > > > +++ b/mm/slub.c > > > @@ -4510,6 +4510,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x) > > > return; > > > trace_kmem_cache_free(_RET_IP_, x, s); > > > slab_free(s, virt_to_slab(x), x, _RET_IP_); > > > + if (s->is_destroyed) > > > + kmem_cache_destroy(s); > Here I am not following you. How do you see that a cache has been fully freed? Or is it just super draft code? Thanks! -- Uladzislau Rezki From Jason at zx2c4.com Mon Jun 17 16:57:45 2024 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Mon, 17 Jun 2024 18:57:45 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: Message-ID: On Mon, Jun 17, 2024 at 06:42:23PM +0200, Uladzislau Rezki wrote: > On Mon, Jun 17, 2024 at 06:33:23PM +0200, Jason A. Donenfeld wrote: > > On Mon, Jun 17, 2024 at 6:30 PM Uladzislau Rezki wrote: > > > Here, if "err" is less than "0", it means there are still objects > > > whereas "is_destroyed" is set to "true", which is not consistent > > > with the comment: > > > > > > "Destruction happens when no objects" > > > > The comment is just poorly written. But the logic of the code is right.
> > > out_unlock: > > mutex_unlock(&slab_mutex); > > cpus_read_unlock(); > > diff --git a/mm/slub.c b/mm/slub.c > > index 1373ac365a46..7db8fe90a323 100644 > > --- a/mm/slub.c > > +++ b/mm/slub.c > > @@ -4510,6 +4510,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x) > > return; > > trace_kmem_cache_free(_RET_IP_, x, s); > > slab_free(s, virt_to_slab(x), x, _RET_IP_); > > + if (s->is_destroyed) > > + kmem_cache_destroy(s); > > } > > EXPORT_SYMBOL(kmem_cache_free); > > > > @@ -5342,9 +5344,6 @@ static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n) > > if (!slab->inuse) { > > remove_partial(n, slab); > > list_add(&slab->slab_list, &discard); > > - } else { > > - list_slab_objects(s, slab, > > - "Objects remaining in %s on __kmem_cache_shutdown()"); > > } > > } > > spin_unlock_irq(&n->list_lock); > > > Anyway it looks like it was not welcome to do it in the kmem_cache_free() > function due to performance reasons. "was not welcome" - Vlastimil mentioned *potential* performance concerns before I posted this. I suspect he might have a different view now, maybe? Vlastimil, this is just checking a boolean (which could be unlikely()'d), which should have pretty minimal overhead. Is that alright with you? Jason From vbabka at suse.cz Mon Jun 17 16:38:52 2024 From: vbabka at suse.cz (Vlastimil Babka) Date: Mon, 17 Jun 2024 18:38:52 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <7efde25f-6af5-4a67-abea-b26732a8aca1@paulmck-laptop> Message-ID: On 6/17/24 6:33 PM, Jason A. Donenfeld wrote: > On Mon, Jun 17, 2024 at 6:30 PM Uladzislau Rezki wrote: >> Here, if "err" is less than "0", it means there are still objects >> whereas "is_destroyed" is set to "true", which is not consistent >> with the comment: >> >> "Destruction happens when no objects" > > The comment is just poorly written. But the logic of the code is right. > >> >> > out_unlock: >> > mutex_unlock(&slab_mutex); >> > cpus_read_unlock(); >> > diff --git a/mm/slub.c b/mm/slub.c >> > index 1373ac365a46..7db8fe90a323 100644 >> > --- a/mm/slub.c >> > +++ b/mm/slub.c >> > @@ -4510,6 +4510,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x) >> > return; >> > trace_kmem_cache_free(_RET_IP_, x, s); >> > slab_free(s, virt_to_slab(x), x, _RET_IP_); >> > + if (s->is_destroyed) >> > + kmem_cache_destroy(s); >> > } >> > EXPORT_SYMBOL(kmem_cache_free); >> > >> > @@ -5342,9 +5344,6 @@ static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n) >> > if (!slab->inuse) { >> > remove_partial(n, slab); >> > list_add(&slab->slab_list, &discard); >> > - } else { >> > - list_slab_objects(s, slab, >> > - "Objects remaining in %s on __kmem_cache_shutdown()"); >> > } >> > } >> > spin_unlock_irq(&n->list_lock); >> > >> Anyway it looks like it was not welcome to do it in the kmem_cache_free() >> function due to performance reasons. > > "was not welcome" - Vlastimil mentioned *potential* performance > concerns before I posted this. I suspect he might have a different > view now, maybe? > > Vlastimil, this is just checking a boolean (which could be > unlikely()'d), which should have pretty minimal overhead. Is that > alright with you? Well I doubt we can just set and check it without any barriers? The completion of the last pending kfree_rcu() might race with kmem_cache_destroy() in a way that will leave the cache there forever, no? And once we add barriers it becomes a perf issue? Hm, yea you might be right about barriers being required. But actually, might this point toward a larger problem, no matter what approach, polling or event, is chosen? If the current rule is that kmem_cache_free() must never race with kmem_cache_destroy(), because users have always made diligent use of call_rcu()/rcu_barrier() and such, but now we're going to let those race with each other - either by my thing above or by polling - then we're potentially going to get in trouble and need some barriers anyway. I think? Jason From urezki at gmail.com Mon Jun 17 17:19:53 2024 From: urezki at gmail.com (Uladzislau Rezki) Date: Mon, 17 Jun 2024 19:19:53 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: Message-ID: On Mon, Jun 17, 2024 at 06:57:45PM +0200, Jason A. Donenfeld wrote: > On Mon, Jun 17, 2024 at 06:42:23PM +0200, Uladzislau Rezki wrote: > > On Mon, Jun 17, 2024 at 06:33:23PM +0200, Jason A. Donenfeld wrote: > > > On Mon, Jun 17, 2024 at 6:30 PM Uladzislau Rezki wrote: > > > > Here, if "err" is less than "0", it means there are still objects > > > > whereas "is_destroyed" is set to "true", which is not consistent > > > > with the comment: > > > > > > > > "Destruction happens when no objects" > > > > > > The comment is just poorly written. But the logic of the code is right. > > > > > OK.
> > > > > > > > > > out_unlock: > > > > > mutex_unlock(&slab_mutex); > > > > > cpus_read_unlock(); > > > > > diff --git a/mm/slub.c b/mm/slub.c > > > > > index 1373ac365a46..7db8fe90a323 100644 > > > > > --- a/mm/slub.c > > > > > +++ b/mm/slub.c > > > > > @@ -4510,6 +4510,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x) > > > > > return; > > > > > trace_kmem_cache_free(_RET_IP_, x, s); > > > > > slab_free(s, virt_to_slab(x), x, _RET_IP_); > > > > > + if (s->is_destroyed) > > > > > + kmem_cache_destroy(s); > > > Here I am not following you. How do you see that a cache has been fully > > freed? Or is it just super draft code? > > kmem_cache_destroy() does this in shutdown_cache(). > Right. In this scenario you invoke kmem_cache_destroy() over and over until the last object gets freed. This potentially slows kmem_cache_free(), which is not OK, at least to me. -- Uladzislau Rezki From vbabka at suse.cz Mon Jun 17 17:23:36 2024 From: vbabka at suse.cz (Vlastimil Babka) Date: Mon, 17 Jun 2024 19:23:36 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: <3b6fe525-626c-41fb-8625-3925ca820d8e@paulmck-laptop> References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org> <08ee7eb2-8d08-4f1f-9c46-495a544b8c0e@paulmck-laptop> <3b6fe525-626c-41fb-8625-3925ca820d8e@paulmck-laptop> Message-ID: <6711935d-20b5-41c1-8864-db3fc7d7823d@suse.cz> On 6/17/24 6:12 PM, Paul E. McKenney wrote: > On Mon, Jun 17, 2024 at 05:10:50PM +0200, Vlastimil Babka wrote: >> On 6/13/24 2:22 PM, Jason A. Donenfeld wrote: >> > On Wed, Jun 12, 2024 at 08:38:02PM -0700, Paul E. McKenney wrote: >> >> o Make the current kmem_cache_destroy() asynchronously wait for >> >> all memory to be returned, then complete the destruction. >> >> (This gets rid of a valuable debugging technique because >> >> in normal use, it is a bug to attempt to destroy a kmem_cache >> >> that has objects still allocated.) >> >> This seems like the best option to me. As Jason already said, the debugging >> technique is not affected significantly, if the warning just occurs >> asynchronously later. The module can be already unloaded at that point, as >> the leak is never checked programatically anyway to control further >> execution, it's just a splat in dmesg. > > Works for me! Great. So this is how a prototype could look, hopefully? The kunit test does generate the splat for me, which should be because the rcu_barrier() in the implementation (marked to be replaced with the real thing) is really insufficient. Note the test itself passes as this kind of error isn't wired up properly. Another thing to resolve is the marked comment about kasan_shutdown() with potential kfree_rcu()'s in flight. Also you need CONFIG_SLUB_DEBUG enabled otherwise node_nr_slabs() is a no-op and it might fail to notice the pending slabs. This will need to change.
----8<---- diff --git a/lib/slub_kunit.c b/lib/slub_kunit.c index e6667a28c014..e3e4d0ca40b7 100644 --- a/lib/slub_kunit.c +++ b/lib/slub_kunit.c @@ -5,6 +5,7 @@ #include #include #include +#include #include "../mm/slab.h" static struct kunit_resource resource; @@ -157,6 +158,26 @@ static void test_kmalloc_redzone_access(struct kunit *test) kmem_cache_destroy(s); } +struct test_kfree_rcu_struct { + struct rcu_head rcu; +}; + +static void test_kfree_rcu(struct kunit *test) +{ + struct kmem_cache *s = test_kmem_cache_create("TestSlub_kfree_rcu", + sizeof(struct test_kfree_rcu_struct), + SLAB_NO_MERGE); + struct test_kfree_rcu_struct *p = kmem_cache_alloc(s, GFP_KERNEL); + + kasan_disable_current(); + + KUNIT_EXPECT_EQ(test, 0, slab_errors); + + kasan_enable_current(); + kfree_rcu(p, rcu); + kmem_cache_destroy(s); +} + static int test_init(struct kunit *test) { slab_errors = 0; @@ -177,6 +198,7 @@ static struct kunit_case test_cases[] = { KUNIT_CASE(test_clobber_redzone_free), KUNIT_CASE(test_kmalloc_redzone_access), + KUNIT_CASE(test_kfree_rcu), {} }; diff --git a/mm/slab.h b/mm/slab.h index b16e63191578..a0295600af92 100644 --- a/mm/slab.h +++ b/mm/slab.h @@ -277,6 +277,8 @@ struct kmem_cache { unsigned int red_left_pad; /* Left redzone padding size */ const char *name; /* Name (only for display!) */ struct list_head list; /* List of slab caches */ + struct work_struct async_destroy_work; + #ifdef CONFIG_SYSFS struct kobject kobj; /* For sysfs */ #endif @@ -474,7 +476,7 @@ static inline bool is_kmalloc_cache(struct kmem_cache *s) SLAB_NO_USER_FLAGS) bool __kmem_cache_empty(struct kmem_cache *); -int __kmem_cache_shutdown(struct kmem_cache *); +int __kmem_cache_shutdown(struct kmem_cache *, bool); void __kmem_cache_release(struct kmem_cache *); int __kmem_cache_shrink(struct kmem_cache *); void slab_kmem_cache_release(struct kmem_cache *); diff --git a/mm/slab_common.c b/mm/slab_common.c index 5b1f996bed06..c5c356d0235d 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -44,6 +44,8 @@ static LIST_HEAD(slab_caches_to_rcu_destroy); static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work); static DECLARE_WORK(slab_caches_to_rcu_destroy_work, slab_caches_to_rcu_destroy_workfn); +static void kmem_cache_kfree_rcu_destroy_workfn(struct work_struct *work); + /* * Set of flags that will prevent slab merging @@ -234,6 +236,7 @@ static struct kmem_cache *create_cache(const char *name, s->refcount = 1; list_add(&s->list, &slab_caches); + INIT_WORK(&s->async_destroy_work, kmem_cache_kfree_rcu_destroy_workfn); return s; out_free_cache: @@ -449,12 +452,16 @@ static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work) } } -static int shutdown_cache(struct kmem_cache *s) +static int shutdown_cache(struct kmem_cache *s, bool warn_inuse) { /* free asan quarantined objects */ + /* + * XXX: is it ok to call this multiple times? and what happens with a + * kfree_rcu() in flight that finishes after or in parallel with this? 
+ */ kasan_cache_shutdown(s); - if (__kmem_cache_shutdown(s) != 0) + if (__kmem_cache_shutdown(s, warn_inuse) != 0) return -EBUSY; list_del(&s->list); @@ -477,6 +484,32 @@ void slab_kmem_cache_release(struct kmem_cache *s) kmem_cache_free(kmem_cache, s); } +static void kmem_cache_kfree_rcu_destroy_workfn(struct work_struct *work) +{ + struct kmem_cache *s; + int err = -EBUSY; + bool rcu_set; + + s = container_of(work, struct kmem_cache, async_destroy_work); + + // XXX use the real kmem_cache_free_barrier() or similar thing here + rcu_barrier(); + + cpus_read_lock(); + mutex_lock(&slab_mutex); + + rcu_set = s->flags & SLAB_TYPESAFE_BY_RCU; + + err = shutdown_cache(s, true); + WARN(err, "kmem_cache_destroy %s: Slab cache still has objects", + s->name); + + mutex_unlock(&slab_mutex); + cpus_read_unlock(); + if (!err && !rcu_set) + kmem_cache_release(s); +} + void kmem_cache_destroy(struct kmem_cache *s) { int err = -EBUSY; @@ -494,9 +527,9 @@ void kmem_cache_destroy(struct kmem_cache *s) if (s->refcount) goto out_unlock; - err = shutdown_cache(s); - WARN(err, "%s %s: Slab cache still has objects when called from %pS", - __func__, s->name, (void *)_RET_IP_); + err = shutdown_cache(s, false); + if (err) + schedule_work(&s->async_destroy_work); out_unlock: mutex_unlock(&slab_mutex); cpus_read_unlock(); diff --git a/mm/slub.c b/mm/slub.c index 1617d8014ecd..4d435b3d2b5f 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -5342,7 +5342,8 @@ static void list_slab_objects(struct kmem_cache *s, struct slab *slab, * This is called from __kmem_cache_shutdown(). We must take list_lock * because sysfs file might still access partial list after the shutdowning. */ -static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n) +static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n, + bool warn_inuse) { LIST_HEAD(discard); struct slab *slab, *h; @@ -5353,7 +5354,7 @@ static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n) if (!slab->inuse) { remove_partial(n, slab); list_add(&slab->slab_list, &discard); - } else { + } else if (warn_inuse) { list_slab_objects(s, slab, "Objects remaining in %s on __kmem_cache_shutdown()"); } @@ -5378,7 +5379,7 @@ bool __kmem_cache_empty(struct kmem_cache *s) /* * Release all resources used by a slab cache. */ -int __kmem_cache_shutdown(struct kmem_cache *s) +int __kmem_cache_shutdown(struct kmem_cache *s, bool warn_inuse) { int node; struct kmem_cache_node *n; @@ -5386,7 +5387,7 @@ int __kmem_cache_shutdown(struct kmem_cache *s) flush_all_cpus_locked(s); /* Attempt to free all objects */ for_each_kmem_cache_node(s, node, n) { - free_partial(s, n); + free_partial(s, n, warn_inuse); if (n->nr_partial || node_nr_slabs(n)) return 1; } From urezki at gmail.com Mon Jun 17 18:42:09 2024 From: urezki at gmail.com (Uladzislau Rezki) Date: Mon, 17 Jun 2024 20:42:09 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: <6711935d-20b5-41c1-8864-db3fc7d7823d@suse.cz> References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org> <08ee7eb2-8d08-4f1f-9c46-495a544b8c0e@paulmck-laptop> <3b6fe525-626c-41fb-8625-3925ca820d8e@paulmck-laptop> <6711935d-20b5-41c1-8864-db3fc7d7823d@suse.cz> Message-ID: On Mon, Jun 17, 2024 at 07:23:36PM +0200, Vlastimil Babka wrote: > On 6/17/24 6:12 PM, Paul E. McKenney wrote: > > On Mon, Jun 17, 2024 at 05:10:50PM +0200, Vlastimil Babka wrote: > >> On 6/13/24 2:22 PM, Jason A. 
Donenfeld wrote: > >> > On Wed, Jun 12, 2024 at 08:38:02PM -0700, Paul E. McKenney wrote: > >> >> o Make the current kmem_cache_destroy() asynchronously wait for > >> >> all memory to be returned, then complete the destruction. > >> >> (This gets rid of a valuable debugging technique because > >> >> in normal use, it is a bug to attempt to destroy a kmem_cache > >> >> that has objects still allocated.) > >> > >> This seems like the best option to me. As Jason already said, the debugging > >> technique is not affected significantly, if the warning just occurs > >> asynchronously later. The module can be already unloaded at that point, as > >> the leak is never checked programatically anyway to control further > >> execution, it's just a splat in dmesg. > > > > Works for me! > > Great. So this is how a prototype could look like, hopefully? The kunit test > does generate the splat for me, which should be because the rcu_barrier() in > the implementation (marked to be replaced with the real thing) is really > insufficient. Note the test itself passes as this kind of error isn't wired > up properly. > > Another thing to resolve is the marked comment about kasan_shutdown() with > potential kfree_rcu()'s in flight. > > Also you need CONFIG_SLUB_DEBUG enabled otherwise node_nr_slabs() is a no-op > and it might fail to notice the pending slabs. This will need to change. > > ----8<---- > diff --git a/lib/slub_kunit.c b/lib/slub_kunit.c > index e6667a28c014..e3e4d0ca40b7 100644 > --- a/lib/slub_kunit.c > +++ b/lib/slub_kunit.c > @@ -5,6 +5,7 @@ > #include > #include > #include > +#include > #include "../mm/slab.h" > > static struct kunit_resource resource; > @@ -157,6 +158,26 @@ static void test_kmalloc_redzone_access(struct kunit *test) > kmem_cache_destroy(s); > } > > +struct test_kfree_rcu_struct { > + struct rcu_head rcu; > +}; > + > +static void test_kfree_rcu(struct kunit *test) > +{ > + struct kmem_cache *s = test_kmem_cache_create("TestSlub_kfree_rcu", > + sizeof(struct test_kfree_rcu_struct), > + SLAB_NO_MERGE); > + struct test_kfree_rcu_struct *p = kmem_cache_alloc(s, GFP_KERNEL); > + > + kasan_disable_current(); > + > + KUNIT_EXPECT_EQ(test, 0, slab_errors); > + > + kasan_enable_current(); > + kfree_rcu(p, rcu); > + kmem_cache_destroy(s); > +} > + > static int test_init(struct kunit *test) > { > slab_errors = 0; > @@ -177,6 +198,7 @@ static struct kunit_case test_cases[] = { > > KUNIT_CASE(test_clobber_redzone_free), > KUNIT_CASE(test_kmalloc_redzone_access), > + KUNIT_CASE(test_kfree_rcu), > {} > }; > > diff --git a/mm/slab.h b/mm/slab.h > index b16e63191578..a0295600af92 100644 > --- a/mm/slab.h > +++ b/mm/slab.h > @@ -277,6 +277,8 @@ struct kmem_cache { > unsigned int red_left_pad; /* Left redzone padding size */ > const char *name; /* Name (only for display!) 
*/ > struct list_head list; /* List of slab caches */ > + struct work_struct async_destroy_work; > + > #ifdef CONFIG_SYSFS > struct kobject kobj; /* For sysfs */ > #endif > @@ -474,7 +476,7 @@ static inline bool is_kmalloc_cache(struct kmem_cache *s) > SLAB_NO_USER_FLAGS) > > bool __kmem_cache_empty(struct kmem_cache *); > -int __kmem_cache_shutdown(struct kmem_cache *); > +int __kmem_cache_shutdown(struct kmem_cache *, bool); > void __kmem_cache_release(struct kmem_cache *); > int __kmem_cache_shrink(struct kmem_cache *); > void slab_kmem_cache_release(struct kmem_cache *); > diff --git a/mm/slab_common.c b/mm/slab_common.c > index 5b1f996bed06..c5c356d0235d 100644 > --- a/mm/slab_common.c > +++ b/mm/slab_common.c > @@ -44,6 +44,8 @@ static LIST_HEAD(slab_caches_to_rcu_destroy); > static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work); > static DECLARE_WORK(slab_caches_to_rcu_destroy_work, > slab_caches_to_rcu_destroy_workfn); > +static void kmem_cache_kfree_rcu_destroy_workfn(struct work_struct *work); > + > > /* > * Set of flags that will prevent slab merging > @@ -234,6 +236,7 @@ static struct kmem_cache *create_cache(const char *name, > > s->refcount = 1; > list_add(&s->list, &slab_caches); > + INIT_WORK(&s->async_destroy_work, kmem_cache_kfree_rcu_destroy_workfn); > return s; > > out_free_cache: > @@ -449,12 +452,16 @@ static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work) > } > } > > -static int shutdown_cache(struct kmem_cache *s) > +static int shutdown_cache(struct kmem_cache *s, bool warn_inuse) > { > /* free asan quarantined objects */ > + /* > + * XXX: is it ok to call this multiple times? and what happens with a > + * kfree_rcu() in flight that finishes after or in parallel with this? > + */ > kasan_cache_shutdown(s); > > - if (__kmem_cache_shutdown(s) != 0) > + if (__kmem_cache_shutdown(s, warn_inuse) != 0) > return -EBUSY; > > list_del(&s->list); > @@ -477,6 +484,32 @@ void slab_kmem_cache_release(struct kmem_cache *s) > kmem_cache_free(kmem_cache, s); > } > > +static void kmem_cache_kfree_rcu_destroy_workfn(struct work_struct *work) > +{ > + struct kmem_cache *s; > + int err = -EBUSY; > + bool rcu_set; > + > + s = container_of(work, struct kmem_cache, async_destroy_work); > + > + // XXX use the real kmem_cache_free_barrier() or similar thing here It implies that we need to introduce kfree_rcu_barrier(), a new API, which I wanted to avoid initially. Since you do it asynchronously, can we just repeat and wait until the cache is fully freed? I am asking because inventing a new kfree_rcu_barrier() might not be so straightforward. -- Uladzislau Rezki From paulmck at kernel.org Mon Jun 17 18:54:39 2024 From: paulmck at kernel.org (Paul E. McKenney) Date: Mon, 17 Jun 2024 11:54:39 -0700 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: <6711935d-20b5-41c1-8864-db3fc7d7823d@suse.cz> References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org> <08ee7eb2-8d08-4f1f-9c46-495a544b8c0e@paulmck-laptop> <3b6fe525-626c-41fb-8625-3925ca820d8e@paulmck-laptop> <6711935d-20b5-41c1-8864-db3fc7d7823d@suse.cz> Message-ID: <1755282b-e3f5-4d18-9eab-fc6a29ca5886@paulmck-laptop> On Mon, Jun 17, 2024 at 07:23:36PM +0200, Vlastimil Babka wrote: > On 6/17/24 6:12 PM, Paul E. McKenney wrote: > > On Mon, Jun 17, 2024 at 05:10:50PM +0200, Vlastimil Babka wrote: > >> On 6/13/24 2:22 PM, Jason A. Donenfeld wrote: > >> > On Wed, Jun 12, 2024 at 08:38:02PM -0700, Paul E.
McKenney wrote: > >> >> o Make the current kmem_cache_destroy() asynchronously wait for > >> >> all memory to be returned, then complete the destruction. > >> >> (This gets rid of a valuable debugging technique because > >> >> in normal use, it is a bug to attempt to destroy a kmem_cache > >> >> that has objects still allocated.) > >> > >> This seems like the best option to me. As Jason already said, the debugging > >> technique is not affected significantly, if the warning just occurs > >> asynchronously later. The module can be already unloaded at that point, as > >> the leak is never checked programatically anyway to control further > >> execution, it's just a splat in dmesg. > > > > Works for me! > > Great. So this is how a prototype could look like, hopefully? The kunit test > does generate the splat for me, which should be because the rcu_barrier() in > the implementation (marked to be replaced with the real thing) is really > insufficient. Note the test itself passes as this kind of error isn't wired > up properly. ;-) ;-) ;-) Some might want confirmation that their cleanup efforts succeeded, but if so, I will let them make that known. > Another thing to resolve is the marked comment about kasan_shutdown() with > potential kfree_rcu()'s in flight. Could that simply move to the worker function? (Hey, had to ask!) > Also you need CONFIG_SLUB_DEBUG enabled otherwise node_nr_slabs() is a no-op > and it might fail to notice the pending slabs. This will need to change. Agreed. Looks generally good. A few questions below, to be taken with a grain of salt. Thanx, Paul > ----8<---- > diff --git a/lib/slub_kunit.c b/lib/slub_kunit.c > index e6667a28c014..e3e4d0ca40b7 100644 > --- a/lib/slub_kunit.c > +++ b/lib/slub_kunit.c > @@ -5,6 +5,7 @@ > #include > #include > #include > +#include > #include "../mm/slab.h" > > static struct kunit_resource resource; > @@ -157,6 +158,26 @@ static void test_kmalloc_redzone_access(struct kunit *test) > kmem_cache_destroy(s); > } > > +struct test_kfree_rcu_struct { > + struct rcu_head rcu; > +}; > + > +static void test_kfree_rcu(struct kunit *test) > +{ > + struct kmem_cache *s = test_kmem_cache_create("TestSlub_kfree_rcu", > + sizeof(struct test_kfree_rcu_struct), > + SLAB_NO_MERGE); > + struct test_kfree_rcu_struct *p = kmem_cache_alloc(s, GFP_KERNEL); > + > + kasan_disable_current(); > + > + KUNIT_EXPECT_EQ(test, 0, slab_errors); > + > + kasan_enable_current(); > + kfree_rcu(p, rcu); > + kmem_cache_destroy(s); Looks like the type of test for this! > +} > + > static int test_init(struct kunit *test) > { > slab_errors = 0; > @@ -177,6 +198,7 @@ static struct kunit_case test_cases[] = { > > KUNIT_CASE(test_clobber_redzone_free), > KUNIT_CASE(test_kmalloc_redzone_access), > + KUNIT_CASE(test_kfree_rcu), > {} > }; > > diff --git a/mm/slab.h b/mm/slab.h > index b16e63191578..a0295600af92 100644 > --- a/mm/slab.h > +++ b/mm/slab.h > @@ -277,6 +277,8 @@ struct kmem_cache { > unsigned int red_left_pad; /* Left redzone padding size */ > const char *name; /* Name (only for display!) 
*/ > struct list_head list; /* List of slab caches */ > + struct work_struct async_destroy_work; > + > #ifdef CONFIG_SYSFS > struct kobject kobj; /* For sysfs */ > #endif > @@ -474,7 +476,7 @@ static inline bool is_kmalloc_cache(struct kmem_cache *s) > SLAB_NO_USER_FLAGS) > > bool __kmem_cache_empty(struct kmem_cache *); > -int __kmem_cache_shutdown(struct kmem_cache *); > +int __kmem_cache_shutdown(struct kmem_cache *, bool); > void __kmem_cache_release(struct kmem_cache *); > int __kmem_cache_shrink(struct kmem_cache *); > void slab_kmem_cache_release(struct kmem_cache *); > diff --git a/mm/slab_common.c b/mm/slab_common.c > index 5b1f996bed06..c5c356d0235d 100644 > --- a/mm/slab_common.c > +++ b/mm/slab_common.c > @@ -44,6 +44,8 @@ static LIST_HEAD(slab_caches_to_rcu_destroy); > static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work); > static DECLARE_WORK(slab_caches_to_rcu_destroy_work, > slab_caches_to_rcu_destroy_workfn); > +static void kmem_cache_kfree_rcu_destroy_workfn(struct work_struct *work); > + > > /* > * Set of flags that will prevent slab merging > @@ -234,6 +236,7 @@ static struct kmem_cache *create_cache(const char *name, > > s->refcount = 1; > list_add(&s->list, &slab_caches); > + INIT_WORK(&s->async_destroy_work, kmem_cache_kfree_rcu_destroy_workfn); > return s; > > out_free_cache: > @@ -449,12 +452,16 @@ static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work) > } > } > > -static int shutdown_cache(struct kmem_cache *s) > +static int shutdown_cache(struct kmem_cache *s, bool warn_inuse) > { > /* free asan quarantined objects */ > + /* > + * XXX: is it ok to call this multiple times? and what happens with a > + * kfree_rcu() in flight that finishes after or in parallel with this? > + */ > kasan_cache_shutdown(s); > > - if (__kmem_cache_shutdown(s) != 0) > + if (__kmem_cache_shutdown(s, warn_inuse) != 0) > return -EBUSY; > > list_del(&s->list); > @@ -477,6 +484,32 @@ void slab_kmem_cache_release(struct kmem_cache *s) > kmem_cache_free(kmem_cache, s); > } > > +static void kmem_cache_kfree_rcu_destroy_workfn(struct work_struct *work) > +{ > + struct kmem_cache *s; > + int err = -EBUSY; > + bool rcu_set; > + > + s = container_of(work, struct kmem_cache, async_destroy_work); > + > + // XXX use the real kmem_cache_free_barrier() or similar thing here > + rcu_barrier(); > + > + cpus_read_lock(); > + mutex_lock(&slab_mutex); > + > + rcu_set = s->flags & SLAB_TYPESAFE_BY_RCU; > + > + err = shutdown_cache(s, true); This is currently the only call to shutdown_cache()? So there is to be a way for the caller to have some influence over the value of that bool? > + WARN(err, "kmem_cache_destroy %s: Slab cache still has objects", > + s->name); Don't we want to have some sort of delay here? Or is this the 21-second delay and/or kfree_rcu_barrier() mentioned before? 
> + mutex_unlock(&slab_mutex); > + cpus_read_unlock(); > + if (!err && !rcu_set) > + kmem_cache_release(s); > +} > + > void kmem_cache_destroy(struct kmem_cache *s) > { > int err = -EBUSY; > @@ -494,9 +527,9 @@ void kmem_cache_destroy(struct kmem_cache *s) > if (s->refcount) > goto out_unlock; > > - err = shutdown_cache(s); > - WARN(err, "%s %s: Slab cache still has objects when called from %pS", > - __func__, s->name, (void *)_RET_IP_); > + err = shutdown_cache(s, false); > + if (err) > + schedule_work(&s->async_destroy_work); > out_unlock: > mutex_unlock(&slab_mutex); > cpus_read_unlock(); > diff --git a/mm/slub.c b/mm/slub.c > index 1617d8014ecd..4d435b3d2b5f 100644 > --- a/mm/slub.c > +++ b/mm/slub.c > @@ -5342,7 +5342,8 @@ static void list_slab_objects(struct kmem_cache *s, struct slab *slab, > * This is called from __kmem_cache_shutdown(). We must take list_lock > * because sysfs file might still access partial list after the shutdowning. > */ > -static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n) > +static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n, > + bool warn_inuse) > { > LIST_HEAD(discard); > struct slab *slab, *h; > @@ -5353,7 +5354,7 @@ static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n) > if (!slab->inuse) { > remove_partial(n, slab); > list_add(&slab->slab_list, &discard); > - } else { > + } else if (warn_inuse) { > list_slab_objects(s, slab, > "Objects remaining in %s on __kmem_cache_shutdown()"); > } > @@ -5378,7 +5379,7 @@ bool __kmem_cache_empty(struct kmem_cache *s) > /* > * Release all resources used by a slab cache. > */ > -int __kmem_cache_shutdown(struct kmem_cache *s) > +int __kmem_cache_shutdown(struct kmem_cache *s, bool warn_inuse) > { > int node; > struct kmem_cache_node *n; > @@ -5386,7 +5387,7 @@ int __kmem_cache_shutdown(struct kmem_cache *s) > flush_all_cpus_locked(s); > /* Attempt to free all objects */ > for_each_kmem_cache_node(s, node, n) { > - free_partial(s, n); > + free_partial(s, n, warn_inuse); > if (n->nr_partial || node_nr_slabs(n)) > return 1; > } > From vbabka at suse.cz Mon Jun 17 21:08:58 2024 From: vbabka at suse.cz (Vlastimil Babka) Date: Mon, 17 Jun 2024 23:08:58 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <20240609082726.32742-1-Julia.Lawall@inria.fr> <20240612143305.451abf58@kernel.org> <08ee7eb2-8d08-4f1f-9c46-495a544b8c0e@paulmck-laptop> <3b6fe525-626c-41fb-8625-3925ca820d8e@paulmck-laptop> <6711935d-20b5-41c1-8864-db3fc7d7823d@suse.cz> Message-ID: <36c60acd-543e-48c5-8bd2-6ed509972d28@suse.cz> On 6/17/24 8:42 PM, Uladzislau Rezki wrote: >> + >> + s = container_of(work, struct kmem_cache, async_destroy_work); >> + >> + // XXX use the real kmem_cache_free_barrier() or similar thing here > It implies that we need to introduce kfree_rcu_barrier(), a new API, which i > wanted to avoid initially. I wanted to avoid new API or flags for kfree_rcu() users and this would be achieved. The barrier is used internally so I don't consider that an API to avoid. How difficult the implementation is, is another question, depending on how the current batching works. Once (if) we have sheaves proven to work and move kfree_rcu() fully into SLUB, the barrier might also look different and hopefully easier. So maybe it's not worth investing too much into that barrier, and we should just go for the potentially longer, but easier to implement, approach?
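(Aside for illustration, not code from this thread; the foo_* names are hypothetical. What the internal barrier buys kfree_rcu() users: with a module-private call_rcu() callback, a module's exit path has to drain the callbacks itself before destroying its cache, while with kfree_rcu() handled inside slab/RCU plus an internal barrier or deferral in kmem_cache_destroy(), the exit path shrinks to a single call.)

	/* Sketch only; foo_* names are hypothetical. */
	static void __exit foo_exit_with_call_rcu(void)
	{
		/* earlier: call_rcu(&obj->rcu, foo_free_cb) for each object */
		rcu_barrier();                  /* drain foo_free_cb() invocations */
		kmem_cache_destroy(foo_cache);  /* would splat without the barrier */
	}

	static void __exit foo_exit_with_kfree_rcu(void)
	{
		/* earlier: kfree_rcu(obj, rcu) for each object */
		kmem_cache_destroy(foo_cache);  /* slab waits or defers internally */
	}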
> Since you do it asynchronous can we just repeat > and wait until it a cache is furry freed? The problem is we want to detect the cases when it's not fully freed because there was an actual leak. So at some point we'd need to stop the repeats because we know there can no longer be any kfree_rcu()'s in flight since the kmem_cache_destroy() was called. > I am asking because inventing a new kfree_rcu_barrier() might not be so > straight forward. Agreed. > > -- > Uladzislau Rezki From vbabka at suse.cz Mon Jun 17 21:19:00 2024 From: vbabka at suse.cz (Vlastimil Babka) Date: Mon, 17 Jun 2024 23:19:00 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: Message-ID: On 6/17/24 7:04 PM, Jason A. Donenfeld wrote: >>> Vlastimil, this is just checking a boolean (which could be >>> unlikely()'d), which should have pretty minimal overhead. Is that >>> alright with you? >> >> Well I doubt we can just set and check it without any barriers? The >> completion of the last pending kfree_rcu() might race with >> kmem_cache_destroy() in a way that will leave the cache there forever, no? >> And once we add barriers it becomes a perf issue? > > Hm, yea you might be right about barriers being required. But actually, > might this point toward a larger problem with no matter what approach, > polling or event, is chosen? If the current rule is that > kmem_cache_free() must never race with kmem_cache_destroy(), because Yes, calling alloc/free operations that race with destroy is a bug and we can't prevent that. > users have always made diligent use of call_rcu()/rcu_barrier() and But the issue we are solving here is a bit different - the users are not buggy, they do kfree_rcu() and then kmem_cache_destroy() and no more operations on the cache afterwards. We need to ensure that the handling of kfree_rcu() (which ultimately is basically kmem_cache_free() but internally to rcu/slub) doesn't race with kmem_cache_destroy(). > such, but now we're going to let those race with each other - either by > my thing above or by polling - so we're potentially going to get in trouble > and need some barriers anyway. The barrier in the async part of kmem_cache_destroy() should be enough to make sure all kfree_rcu() have finished before we proceed with the potentially racy parts of destroying, and we should be able to avoid changes in kmem_cache_free(). > I think? > > Jason
>>>>>> (This gets rid of a valuable debugging technique because >>>>>> in normal use, it is a bug to attempt to destroy a kmem_cache >>>>>> that has objects still allocated.) >>>> >>>> This seems like the best option to me. As Jason already said, the debugging >>>> technique is not affected significantly, if the warning just occurs >>>> asynchronously later. The module can be already unloaded at that point, as >>>> the leak is never checked programatically anyway to control further >>>> execution, it's just a splat in dmesg. >>> >>> Works for me! >> >> Great. So this is how a prototype could look like, hopefully? The kunit test >> does generate the splat for me, which should be because the rcu_barrier() in >> the implementation (marked to be replaced with the real thing) is really >> insufficient. Note the test itself passes as this kind of error isn't wired >> up properly. > > ;-) ;-) ;-) Yeah yeah, I just used the kunit module as a convenient way to add the code that should see if there's the splat :) > Some might want confirmation that their cleanup efforts succeeded, > but if so, I will let them make that known. It could be just the kunit test that could want that, but I don't see how it could wrap and inspect the result of the async handling and suppress the splats for intentionally triggered errors as many of the other tests do. >> Another thing to resolve is the marked comment about kasan_shutdown() with >> potential kfree_rcu()'s in flight. > > Could that simply move to the worker function? (Hey, had to ask!) I think I had a reason why not, but I guess it could move. It would just mean that if any objects are quarantined, we'll go for the async freeing even though those could be flushed immediately. Guess that's not too bad. >> Also you need CONFIG_SLUB_DEBUG enabled otherwise node_nr_slabs() is a no-op >> and it might fail to notice the pending slabs. This will need to change. > > Agreed. > > Looks generally good. A few questions below, to be taken with a > grain of salt. Thanks! >> +static void kmem_cache_kfree_rcu_destroy_workfn(struct work_struct *work) >> +{ >> + struct kmem_cache *s; >> + int err = -EBUSY; >> + bool rcu_set; >> + >> + s = container_of(work, struct kmem_cache, async_destroy_work); >> + >> + // XXX use the real kmem_cache_free_barrier() or similar thing here >> + rcu_barrier(); Note here's the barrier. >> + cpus_read_lock(); >> + mutex_lock(&slab_mutex); >> + >> + rcu_set = s->flags & SLAB_TYPESAFE_BY_RCU; >> + >> + err = shutdown_cache(s, true); > > This is currently the only call to shutdown_cache()? So there is to be > a way for the caller to have some influence over the value of that bool? Not the only caller, there's still the initial attempt in kmem_cache_destroy() itself below. > >> + WARN(err, "kmem_cache_destroy %s: Slab cache still has objects", >> + s->name); > > Don't we want to have some sort of delay here? Or is this the > 21-second delay and/or kfree_rcu_barrier() mentioned before? Yes this is after the barrier. The first immediate attempt to shut down doesn't warn.
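(Aside for illustration, not the prototype above: the "repeat and re-check" variant discussed in this thread could look roughly like the sketch below. The async_destroy_dwork and destroy_deadline fields and the cache_is_empty()/shutdown_cache_final() helpers are invented for the sketch.)

	static void kmem_cache_destroy_retry_workfn(struct work_struct *work)
	{
		struct kmem_cache *s = container_of(to_delayed_work(work),
						    struct kmem_cache,
						    async_destroy_dwork);

		if (cache_is_empty(s)) {
			shutdown_cache_final(s);	/* hypothetical final step */
			return;
		}
		if (time_before(jiffies, s->destroy_deadline)) {
			/* kfree_rcu() callbacks may still be in flight; re-check later. */
			schedule_delayed_work(&s->async_destroy_dwork, HZ);
			return;
		}
		/* Past the deadline (e.g. 21s): treat what remains as a leak. */
		WARN(1, "kmem_cache_destroy %s: Slab cache still has objects", s->name);
	}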
>> + mutex_unlock(&slab_mutex); >> + cpus_read_unlock(); >> + if (!err && !rcu_set) >> + kmem_cache_release(s); >> +} >> + >> void kmem_cache_destroy(struct kmem_cache *s) >> { >> int err = -EBUSY; >> @@ -494,9 +527,9 @@ void kmem_cache_destroy(struct kmem_cache *s) >> if (s->refcount) >> goto out_unlock; >> >> - err = shutdown_cache(s); >> - WARN(err, "%s %s: Slab cache still has objects when called from %pS", >> - __func__, s->name, (void *)_RET_IP_); >> + err = shutdown_cache(s, false); >> + if (err) >> + schedule_work(&s->async_destroy_work); And here's the initial attempt that used to warn but now doesn't and instead schedules the async one. >> out_unlock: >> mutex_unlock(&slab_mutex); >> cpus_read_unlock(); >> diff --git a/mm/slub.c b/mm/slub.c >> index 1617d8014ecd..4d435b3d2b5f 100644 >> --- a/mm/slub.c >> +++ b/mm/slub.c >> @@ -5342,7 +5342,8 @@ static void list_slab_objects(struct kmem_cache *s, struct slab *slab, >> * This is called from __kmem_cache_shutdown(). We must take list_lock >> * because sysfs file might still access partial list after the shutdowning. >> */ >> -static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n) >> +static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n, >> + bool warn_inuse) >> { >> LIST_HEAD(discard); >> struct slab *slab, *h; >> @@ -5353,7 +5354,7 @@ static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n) >> if (!slab->inuse) { >> remove_partial(n, slab); >> list_add(&slab->slab_list, &discard); >> - } else { >> + } else if (warn_inuse) { >> list_slab_objects(s, slab, >> "Objects remaining in %s on __kmem_cache_shutdown()"); >> } >> @@ -5378,7 +5379,7 @@ bool __kmem_cache_empty(struct kmem_cache *s) >> /* >> * Release all resources used by a slab cache. >> */ >> -int __kmem_cache_shutdown(struct kmem_cache *s) >> +int __kmem_cache_shutdown(struct kmem_cache *s, bool warn_inuse) >> { >> int node; >> struct kmem_cache_node *n; >> @@ -5386,7 +5387,7 @@ int __kmem_cache_shutdown(struct kmem_cache *s) >> flush_all_cpus_locked(s); >> /* Attempt to free all objects */ >> for_each_kmem_cache_node(s, node, n) { >> - free_partial(s, n); >> + free_partial(s, n, warn_inuse); >> if (n->nr_partial || node_nr_slabs(n)) >> return 1; >> } >> From syzbot+0dc211bc2adb944e1fd6 at syzkaller.appspotmail.com Tue Jun 18 02:22:21 2024 From: syzbot+0dc211bc2adb944e1fd6 at syzkaller.appspotmail.com (syzbot) Date: Mon, 17 Jun 2024 19:22:21 -0700 Subject: [syzbot] [kvm?] general protection fault in get_work_pool (2) Message-ID: <0000000000006eb03a061b20c079@google.com> Hello, syzbot found the following issue on: HEAD commit: 2ccbdf43d5e7 Merge tag 'for-linus' of git://git.kernel.org.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=16f23146980000 kernel config: https://syzkaller.appspot.com/x/.config?x=81c0d76ceef02b39 dashboard link: https://syzkaller.appspot.com/bug?extid=0dc211bc2adb944e1fd6 compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 userspace arch: i386 Unfortunately, I don't have any reproducer for this issue yet. 
Downloadable assets: disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-2ccbdf43.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/13cdb5bfbafa/vmlinux-2ccbdf43.xz kernel image: https://storage.googleapis.com/syzbot-assets/7a14f5d07f81/bzImage-2ccbdf43.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+0dc211bc2adb944e1fd6 at syzkaller.appspotmail.com Oops: general protection fault, probably for non-canonical address 0xe003fbfffff80000: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: maybe wild-memory-access in range [0x001fffffffc00000-0x001fffffffc00007] CPU: 1 PID: 5570 Comm: kworker/1:5 Not tainted 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 Workqueue: wg-crypt-wg2 wg_packet_tx_worker RIP: 0010:get_work_pool+0xcb/0x1c0 kernel/workqueue.c:887 Code: 0d 36 00 48 89 d8 5b 5d c3 cc cc cc cc e8 8d 0d 36 00 48 81 e3 00 fe ff ff 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 da 00 00 00 48 8b 1b e8 63 0d 36 00 48 89 d8 5b RSP: 0018:ffffc90000598738 EFLAGS: 00010006 RAX: dffffc0000000000 RBX: 001fffffffc00000 RCX: ffffffff815881f2 RDX: 0003fffffff80000 RSI: ffffffff81588243 RDI: 0000000000000007 RBP: 0000000000000004 R08: 0000000000000007 R09: 0000000000000000 R10: 0000000000000004 R11: 0000000000000005 R12: ffffe8ffad288cc0 R13: ffff888000596400 R14: dffffc0000000000 R15: ffff88805b626800 FS: 0000000000000000(0000) GS:ffff88802c100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000f7f75598 CR3: 0000000056bd0000 CR4: 0000000000350ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __queue_work+0x200/0x1020 kernel/workqueue.c:2301 queue_work_on+0x11a/0x140 kernel/workqueue.c:2410 wg_queue_enqueue_per_device_and_peer drivers/net/wireguard/queueing.h:176 [inline] wg_packet_consume_data drivers/net/wireguard/receive.c:526 [inline] wg_packet_receive+0xf65/0x2350 drivers/net/wireguard/receive.c:576 wg_receive+0x74/0xc0 drivers/net/wireguard/socket.c:326 udp_queue_rcv_one_skb+0xad1/0x18b0 net/ipv4/udp.c:2131 udp_queue_rcv_skb+0x198/0xd10 net/ipv4/udp.c:2209 udp_unicast_rcv_skb+0x165/0x3b0 net/ipv4/udp.c:2369 __udp4_lib_rcv+0x2636/0x3550 net/ipv4/udp.c:2445 ip_protocol_deliver_rcu+0x30c/0x4e0 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x316/0x570 net/ipv4/ip_input.c:233 NF_HOOK include/linux/netfilter.h:314 [inline] NF_HOOK include/linux/netfilter.h:308 [inline] ip_local_deliver+0x18e/0x1f0 net/ipv4/ip_input.c:254 dst_input include/net/dst.h:460 [inline] ip_rcv_finish net/ipv4/ip_input.c:449 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] NF_HOOK include/linux/netfilter.h:308 [inline] ip_rcv+0x2c5/0x5d0 net/ipv4/ip_input.c:569 __netif_receive_skb_one_core+0x199/0x1e0 net/core/dev.c:5625 __netif_receive_skb+0x1d/0x160 net/core/dev.c:5739 process_backlog+0x133/0x760 net/core/dev.c:6068 __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6722 napi_poll net/core/dev.c:6791 [inline] net_rx_action+0x9b6/0xf10 net/core/dev.c:6907 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554 do_softirq kernel/softirq.c:455 [inline] do_softirq+0xb2/0xf0 kernel/softirq.c:442 __local_bh_enable_ip+0x100/0x120 kernel/softirq.c:382 wg_socket_send_skb_to_peer+0x14c/0x220 drivers/net/wireguard/socket.c:184 wg_packet_create_data_done drivers/net/wireguard/send.c:251 
[inline] wg_packet_tx_worker+0x1aa/0x810 drivers/net/wireguard/send.c:276 process_one_work+0x958/0x1ad0 kernel/workqueue.c:3231 process_scheduled_works kernel/workqueue.c:3312 [inline] worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:get_work_pool+0xcb/0x1c0 kernel/workqueue.c:887 Code: 0d 36 00 48 89 d8 5b 5d c3 cc cc cc cc e8 8d 0d 36 00 48 81 e3 00 fe ff ff 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 da 00 00 00 48 8b 1b e8 63 0d 36 00 48 89 d8 5b RSP: 0018:ffffc90000598738 EFLAGS: 00010006 RAX: dffffc0000000000 RBX: 001fffffffc00000 RCX: ffffffff815881f2 RDX: 0003fffffff80000 RSI: ffffffff81588243 RDI: 0000000000000007 RBP: 0000000000000004 R08: 0000000000000007 R09: 0000000000000000 R10: 0000000000000004 R11: 0000000000000005 R12: ffffe8ffad288cc0 R13: ffff888000596400 R14: dffffc0000000000 R15: ffff88805b626800 FS: 0000000000000000(0000) GS:ffff88802c100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000f7f75598 CR3: 0000000056bd0000 CR4: 0000000000350ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 0d 36 00 48 89 or $0x89480036,%eax 5: d8 5b 5d fcomps 0x5d(%rbx) 8: c3 ret 9: cc int3 a: cc int3 b: cc int3 c: cc int3 d: e8 8d 0d 36 00 call 0x360d9f 12: 48 81 e3 00 fe ff ff and $0xfffffffffffffe00,%rbx 19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 20: fc ff df 23: 48 89 da mov %rbx,%rdx 26: 48 c1 ea 03 shr $0x3,%rdx * 2a: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction 2e: 0f 85 da 00 00 00 jne 0x10e 34: 48 8b 1b mov (%rbx),%rbx 37: e8 63 0d 36 00 call 0x360d9f 3c: 48 89 d8 mov %rbx,%rax 3f: 5b pop %rbx --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller at googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup From urezki at gmail.com Tue Jun 18 09:31:00 2024 From: urezki at gmail.com (Uladzislau Rezki) Date: Tue, 18 Jun 2024 11:31:00 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: <36c60acd-543e-48c5-8bd2-6ed509972d28@suse.cz> References: <08ee7eb2-8d08-4f1f-9c46-495a544b8c0e@paulmck-laptop> <3b6fe525-626c-41fb-8625-3925ca820d8e@paulmck-laptop> <6711935d-20b5-41c1-8864-db3fc7d7823d@suse.cz> <36c60acd-543e-48c5-8bd2-6ed509972d28@suse.cz> Message-ID: > On 6/17/24 8:42 PM, Uladzislau Rezki wrote: > >> + > >> + s = container_of(work, struct kmem_cache, async_destroy_work); > >> + > >> + // XXX use the real kmem_cache_free_barrier() or similar thing here > > It implies that we need to introduce kfree_rcu_barrier(), a new API, which i > > wanted to avoid initially. 
> > I wanted to avoid new API or flags for kfree_rcu() users and this would > be achieved. The barrier is used internally so I don't consider that an > API to avoid. How difficult is the implementation is another question, > depending on how the current batching works. Once (if) we have sheaves > proven to work and move kfree_rcu() fully into SLUB, the barrier might > also look different and hopefully easier. So maybe it's not worth to > invest too much into that barrier and just go for the potentially > longer, but easier to implement? > Right. I agree here. If the cache is not empty, OK, we just defer the work; we can even use a big 21-second delay, and after that we just "warn" if it is still not empty and leave it as it is, i.e. emit a warning and we are done. Destroying the cache is not something that must happen right away. > > Since you do it asynchronous can we just repeat > > and wait until it a cache is furry freed? > > The problem is we want to detect the cases when it's not fully freed > because there was an actual read. So at some point we'd need to stop the > repeats because we know there can no longer be any kfree_rcu()'s in > flight since the kmem_cache_destroy() was called. > Agree. As noted above, we can go with a 21-second (as an example) interval and just perform the destroy (without repeating). -- Uladzislau Rezki From paulmck at kernel.org Tue Jun 18 16:48:49 2024 From: paulmck at kernel.org (Paul E. McKenney) Date: Tue, 18 Jun 2024 09:48:49 -0700 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <08ee7eb2-8d08-4f1f-9c46-495a544b8c0e@paulmck-laptop> <3b6fe525-626c-41fb-8625-3925ca820d8e@paulmck-laptop> <6711935d-20b5-41c1-8864-db3fc7d7823d@suse.cz> <36c60acd-543e-48c5-8bd2-6ed509972d28@suse.cz> Message-ID: <5c8b2883-962f-431f-b2d3-3632755de3b0@paulmck-laptop> On Tue, Jun 18, 2024 at 11:31:00AM +0200, Uladzislau Rezki wrote: > > On 6/17/24 8:42 PM, Uladzislau Rezki wrote: > > >> + > > >> + s = container_of(work, struct kmem_cache, async_destroy_work); > > >> + > > >> + // XXX use the real kmem_cache_free_barrier() or similar thing here > > > It implies that we need to introduce kfree_rcu_barrier(), a new API, which i > > > wanted to avoid initially. > > > > I wanted to avoid new API or flags for kfree_rcu() users and this would > > be achieved. The barrier is used internally so I don't consider that an > > API to avoid. How difficult is the implementation is another question, > > depending on how the current batching works. Once (if) we have sheaves > > proven to work and move kfree_rcu() fully into SLUB, the barrier might > > also look different and hopefully easier. So maybe it's not worth to > > invest too much into that barrier and just go for the potentially > > longer, but easier to implement? > > > Right. I agree here. If the cache is not empty, OK, we just defer the > work, even we can use a big 21 seconds delay, after that we just "warn" > if it is still not empty and leave it as it is, i.e. emit a warning and > we are done. > > Destroying the cache is not something that must happen right away. OK, I have to ask... Suppose that the cache is created and destroyed by a module at init/cleanup time, respectively. Suppose that this module is rmmod'ed then very quickly insmod'ed. Do we need to fail the insmod if the kmem_cache has not yet been fully cleaned up? If not, do we have two versions of the same kmem_cache in /proc during the overlap time?
Thanx, Paul > > > Since you do it asynchronous can we just repeat > > > and wait until it a cache is furry freed? > > > > The problem is we want to detect the cases when it's not fully freed > > because there was an actual read. So at some point we'd need to stop the > > repeats because we know there can no longer be any kfree_rcu()'s in > > flight since the kmem_cache_destroy() was called. > > > Agree. As noted above, we can go with 21 seconds(as an example) interval > and just perform destroy(without repeating). > > -- > Uladzislau Rezki From vbabka at suse.cz Tue Jun 18 17:21:42 2024 From: vbabka at suse.cz (Vlastimil Babka) Date: Tue, 18 Jun 2024 19:21:42 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: <5c8b2883-962f-431f-b2d3-3632755de3b0@paulmck-laptop> References: <08ee7eb2-8d08-4f1f-9c46-495a544b8c0e@paulmck-laptop> <3b6fe525-626c-41fb-8625-3925ca820d8e@paulmck-laptop> <6711935d-20b5-41c1-8864-db3fc7d7823d@suse.cz> <36c60acd-543e-48c5-8bd2-6ed509972d28@suse.cz> <5c8b2883-962f-431f-b2d3-3632755de3b0@paulmck-laptop> Message-ID: <9967fdfa-e649-456d-a0cb-b4c4bf7f9d68@suse.cz> On 6/18/24 6:48 PM, Paul E. McKenney wrote: > On Tue, Jun 18, 2024 at 11:31:00AM +0200, Uladzislau Rezki wrote: >> > On 6/17/24 8:42 PM, Uladzislau Rezki wrote: >> > >> + >> > >> + s = container_of(work, struct kmem_cache, async_destroy_work); >> > >> + >> > >> + // XXX use the real kmem_cache_free_barrier() or similar thing here >> > > It implies that we need to introduce kfree_rcu_barrier(), a new API, which i >> > > wanted to avoid initially. >> > >> > I wanted to avoid new API or flags for kfree_rcu() users and this would >> > be achieved. The barrier is used internally so I don't consider that an >> > API to avoid. How difficult is the implementation is another question, >> > depending on how the current batching works. Once (if) we have sheaves >> > proven to work and move kfree_rcu() fully into SLUB, the barrier might >> > also look different and hopefully easier. So maybe it's not worth to >> > invest too much into that barrier and just go for the potentially >> > longer, but easier to implement? >> > >> Right. I agree here. If the cache is not empty, OK, we just defer the >> work, even we can use a big 21 seconds delay, after that we just "warn" >> if it is still not empty and leave it as it is, i.e. emit a warning and >> we are done. >> >> Destroying the cache is not something that must happen right away. > > OK, I have to ask... > > Suppose that the cache is created and destroyed by a module and > init/cleanup time, respectively. Suppose that this module is rmmod'ed > then very quickly insmod'ed. > > Do we need to fail the insmod if the kmem_cache has not yet been fully > cleaned up? We don't have any such link between kmem_cache and module to detect that, so we would have to start tracking that. Probably not worth the trouble. > If not, do we have two versions of the same kmem_cache in > /proc during the overlap time? Hm could happen in /proc/slabinfo but without being harmful other than perhaps confusing someone. We could filter out the caches being destroyed trivially. Sysfs and debugfs might be more problematic as I suppose directory names would clash. I'll have to check... might be even happening now when we do detect leaked objects and just leave the cache around... thanks for the question. > Thanx, Paul > >> > > Since you do it asynchronous can we just repeat >> > > and wait until it a cache is furry freed? 
>> > >> > The problem is we want to detect the cases when it's not fully freed >> > because there was an actual read. So at some point we'd need to stop the >> > repeats because we know there can no longer be any kfree_rcu()'s in >> > flight since the kmem_cache_destroy() was called. >> > >> Agree. As noted above, we can go with 21 seconds(as an example) interval >> and just perform destroy(without repeating). >> >> -- >> Uladzislau Rezki From paulmck at kernel.org Tue Jun 18 17:53:11 2024 From: paulmck at kernel.org (Paul E. McKenney) Date: Tue, 18 Jun 2024 10:53:11 -0700 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: <9967fdfa-e649-456d-a0cb-b4c4bf7f9d68@suse.cz> References: <08ee7eb2-8d08-4f1f-9c46-495a544b8c0e@paulmck-laptop> <3b6fe525-626c-41fb-8625-3925ca820d8e@paulmck-laptop> <6711935d-20b5-41c1-8864-db3fc7d7823d@suse.cz> <36c60acd-543e-48c5-8bd2-6ed509972d28@suse.cz> <5c8b2883-962f-431f-b2d3-3632755de3b0@paulmck-laptop> <9967fdfa-e649-456d-a0cb-b4c4bf7f9d68@suse.cz> Message-ID: <6dad6e9f-e0ca-4446-be9c-1be25b2536dd@paulmck-laptop> On Tue, Jun 18, 2024 at 07:21:42PM +0200, Vlastimil Babka wrote: > On 6/18/24 6:48 PM, Paul E. McKenney wrote: > > On Tue, Jun 18, 2024 at 11:31:00AM +0200, Uladzislau Rezki wrote: > >> > On 6/17/24 8:42 PM, Uladzislau Rezki wrote: > >> > >> + > >> > >> + s = container_of(work, struct kmem_cache, async_destroy_work); > >> > >> + > >> > >> + // XXX use the real kmem_cache_free_barrier() or similar thing here > >> > > It implies that we need to introduce kfree_rcu_barrier(), a new API, which i > >> > > wanted to avoid initially. > >> > > >> > I wanted to avoid new API or flags for kfree_rcu() users and this would > >> > be achieved. The barrier is used internally so I don't consider that an > >> > API to avoid. How difficult is the implementation is another question, > >> > depending on how the current batching works. Once (if) we have sheaves > >> > proven to work and move kfree_rcu() fully into SLUB, the barrier might > >> > also look different and hopefully easier. So maybe it's not worth to > >> > invest too much into that barrier and just go for the potentially > >> > longer, but easier to implement? > >> > > >> Right. I agree here. If the cache is not empty, OK, we just defer the > >> work, even we can use a big 21 seconds delay, after that we just "warn" > >> if it is still not empty and leave it as it is, i.e. emit a warning and > >> we are done. > >> > >> Destroying the cache is not something that must happen right away. > > > > OK, I have to ask... > > > > Suppose that the cache is created and destroyed by a module and > > init/cleanup time, respectively. Suppose that this module is rmmod'ed > > then very quickly insmod'ed. > > > > Do we need to fail the insmod if the kmem_cache has not yet been fully > > cleaned up? > > We don't have any such link between kmem_cache and module to detect that, so > we would have to start tracking that. Probably not worth the trouble. Fair enough! > > If not, do we have two versions of the same kmem_cache in > > /proc during the overlap time? > > Hm could happen in /proc/slabinfo but without being harmful other than > perhaps confusing someone. We could filter out the caches being destroyed > trivially. Or mark them in /proc/slabinfo? Yet another column, yay!!! Or script breakage from flagging the name somehow, for example, trailing "/" character. > Sysfs and debugfs might be more problematic as I suppose directory names > would clash. I'll have to check... 
might be even happening now when we do > detect leaked objects and just leave the cache around... thanks for the > question. "It is a service that I provide." ;-) But yes, we might be living with it already and there might already be ways people deal with it. Thanx, Paul > >> > > Since you do it asynchronous can we just repeat > >> > > and wait until it a cache is furry freed? > >> > > >> > The problem is we want to detect the cases when it's not fully freed > >> > because there was an actual read. So at some point we'd need to stop the > >> > repeats because we know there can no longer be any kfree_rcu()'s in > >> > flight since the kmem_cache_destroy() was called. > >> > > >> Agree. As noted above, we can go with 21 seconds(as an example) interval > >> and just perform destroy(without repeating). > >> > >> -- > >> Uladzislau Rezki > From vbabka at suse.cz Wed Jun 19 09:28:13 2024 From: vbabka at suse.cz (Vlastimil Babka) Date: Wed, 19 Jun 2024 11:28:13 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: <6dad6e9f-e0ca-4446-be9c-1be25b2536dd@paulmck-laptop> References: <08ee7eb2-8d08-4f1f-9c46-495a544b8c0e@paulmck-laptop> <3b6fe525-626c-41fb-8625-3925ca820d8e@paulmck-laptop> <6711935d-20b5-41c1-8864-db3fc7d7823d@suse.cz> <36c60acd-543e-48c5-8bd2-6ed509972d28@suse.cz> <5c8b2883-962f-431f-b2d3-3632755de3b0@paulmck-laptop> <9967fdfa-e649-456d-a0cb-b4c4bf7f9d68@suse.cz> <6dad6e9f-e0ca-4446-be9c-1be25b2536dd@paulmck-laptop> Message-ID: <4cba4a48-902b-4fb6-895c-c8e6b64e0d5f@suse.cz> On 6/18/24 7:53 PM, Paul E. McKenney wrote: > On Tue, Jun 18, 2024 at 07:21:42PM +0200, Vlastimil Babka wrote: >> On 6/18/24 6:48 PM, Paul E. McKenney wrote: >> > On Tue, Jun 18, 2024 at 11:31:00AM +0200, Uladzislau Rezki wrote: >> >> > On 6/17/24 8:42 PM, Uladzislau Rezki wrote: >> >> > >> + >> >> > >> + s = container_of(work, struct kmem_cache, async_destroy_work); >> >> > >> + >> >> > >> + // XXX use the real kmem_cache_free_barrier() or similar thing here >> >> > > It implies that we need to introduce kfree_rcu_barrier(), a new API, which i >> >> > > wanted to avoid initially. >> >> > >> >> > I wanted to avoid new API or flags for kfree_rcu() users and this would >> >> > be achieved. The barrier is used internally so I don't consider that an >> >> > API to avoid. How difficult is the implementation is another question, >> >> > depending on how the current batching works. Once (if) we have sheaves >> >> > proven to work and move kfree_rcu() fully into SLUB, the barrier might >> >> > also look different and hopefully easier. So maybe it's not worth to >> >> > invest too much into that barrier and just go for the potentially >> >> > longer, but easier to implement? >> >> > >> >> Right. I agree here. If the cache is not empty, OK, we just defer the >> >> work, even we can use a big 21 seconds delay, after that we just "warn" >> >> if it is still not empty and leave it as it is, i.e. emit a warning and >> >> we are done. >> >> >> >> Destroying the cache is not something that must happen right away. >> > >> > OK, I have to ask... >> > >> > Suppose that the cache is created and destroyed by a module and >> > init/cleanup time, respectively. Suppose that this module is rmmod'ed >> > then very quickly insmod'ed. >> > >> > Do we need to fail the insmod if the kmem_cache has not yet been fully >> > cleaned up? >> >> We don't have any such link between kmem_cache and module to detect that, so >> we would have to start tracking that. Probably not worth the trouble. 
> > Fair enough! > >> > If not, do we have two versions of the same kmem_cache in >> > /proc during the overlap time? >> >> Hm could happen in /proc/slabinfo but without being harmful other than >> perhaps confusing someone. We could filter out the caches being destroyed >> trivially. > > Or mark them in /proc/slabinfo? Yet another column, yay!!! Or script > breakage from flagging the name somehow, for example, trailing "/" > character. Yeah I've been resisting such changes to the layout and this wouldn't be worth it, apart from changing the name itself but not in a dangerous way like with "/" :) >> Sysfs and debugfs might be more problematic as I suppose directory names >> would clash. I'll have to check... might be even happening now when we do >> detect leaked objects and just leave the cache around... thanks for the >> question. > > "It is a service that I provide." ;-) > > But yes, we might be living with it already and there might already > be ways people deal with it. So it seems if the sysfs/debugfs directories already exist, they will silently not be created. Wonder if we have such cases today already because caches with same name exist. I think we do with the zsmalloc using 32 caches with same name that we discussed elsewhere just recently. Also indeed if the cache has leaked objects and thus won't be destroyed, these directories indeed stay around, as well as the slabinfo entry, and can prevent new ones from being created (slabinfo lines with same name are not prevented). But it wouldn't be great to introduce this possibility for the temporarily delayed removal due to kfree_rcu() and a module re-insert, since that's a legitimate case and not buggy state due to leaks. The debugfs directory we could remove immediately before handing over to the scheduled workfn, but if it turns out there was a leak and the workfn leaves the cache around, debugfs dir will be gone and we can't check the alloc_traces/free_traces files there (but we have the per-object info including the traces in the dmesg splat). The sysfs directory is currently removed only with the whole cache being destroyed due to the sysfs/kobject lifetime model. I'd love to untangle it for other reasons too, but haven't investigated it yet. But again it might be useful for sysfs dir to stay around for inspection, as for the debugfs. We could rename the sysfs/debugfs directories before queuing the work? Add some prefix like GOING_AWAY-$name. If a leak is detected and cache stays forever, another rename to LEAKED-$name. (and same for the slabinfo). But multiple ones with same name might pile up, so try adding a counter then? Probably messy to implement, but perhaps the most robust in the end? The automatic counter could also solve the general case of people using same name for multiple caches. Other ideas? Thanks, Vlastimil > > Thanx, Paul > >> >> > > Since you do it asynchronous >> >> > > and wait until it a cache is furry freed?
>> >> >> >> -- >> >> Uladzislau Rezki >> From nico.schottelius at ungleich.ch Wed Jun 19 09:42:34 2024 From: nico.schottelius at ungleich.ch (Nico Schottelius) Date: Wed, 19 Jun 2024 11:42:34 +0200 Subject: Wireguard broken with ip rule due to missing address binding Message-ID: <87h6dpi7zp.fsf@ungleich.ch> Hello, a follow-up to the previous thread: if one uses "ip rule" for doing source-based routing, wireguard is broken / cannot be used correctly. Let's take the following test case: a) We have a separate VRF / routing table for wireguard endpoints [09:35] server141.place10:~# ip rule ls 0: from all lookup local 32765: from 192.168.1.0/24 lookup 42 32766: from all lookup main 32767: from all lookup default [09:37] server141.place10:~# ip route sh table 42 194.5.220.0/24 via 192.168.1.254 dev eth1 proto bird metric 32 194.187.90.23 via 192.168.1.254 dev eth1 proto bird metric 32 212.103.65.231 via 192.168.1.254 dev eth1 proto bird metric 32 b) ping with a random IP address does not work (correct) [09:35] server141.place10:~# ping -c2 194.187.90.23 PING 194.187.90.23 (194.187.90.23): 56 data bytes --- 194.187.90.23 ping statistics --- 2 packets transmitted, 0 packets received, 100% packet loss c) ping with the correct source IP address does work [09:35] server141.place10:~# ping -I 192.168.1.149 -c2 194.187.90.23 PING 194.187.90.23 (194.187.90.23) from 192.168.1.149: 56 data bytes 64 bytes from 194.187.90.23: seq=0 ttl=57 time=3.883 ms 64 bytes from 194.187.90.23: seq=1 ttl=57 time=3.810 ms --- 194.187.90.23 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max = 3.810/3.846/3.883 ms [09:35] server141.place10:~# d) wireguard does not work [09:38] server141.place10:~# wg show interface: oserver120 public key: EqrNWstRSdJnj1trm5KSWbVNxLi10w/ea2EbdADJSWU= private key: (hidden) listening port: 54658 peer: hUm9SGQnhOG7dPn4OuiGXJZ3Wk9UZZ9JdHd32HYyH0w= endpoint: 194.187.90.23:4011 allowed ips: ::/0, 0.0.0.0/0 transfer: 0 B received, 8.09 KiB sent [09:38] server141.place10:~# From my perspective this is yet another bug that one encounters due to missing IP address binding in wireguard. And no, putting everything into a separate namespace is not an option, because processes from the non-namespaced part need access to the tunnel. I really hope the address binding issue can be solved soon, especially given there is already a patch for it available. Best regards, Nico -- Sustainable and modern Infrastructures by ungleich.ch From urezki at gmail.com Wed Jun 19 09:51:58 2024 From: urezki at gmail.com (Uladzislau Rezki) Date: Wed, 19 Jun 2024 11:51:58 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: <5c8b2883-962f-431f-b2d3-3632755de3b0@paulmck-laptop> References: <08ee7eb2-8d08-4f1f-9c46-495a544b8c0e@paulmck-laptop> <3b6fe525-626c-41fb-8625-3925ca820d8e@paulmck-laptop> <6711935d-20b5-41c1-8864-db3fc7d7823d@suse.cz> <36c60acd-543e-48c5-8bd2-6ed509972d28@suse.cz> <5c8b2883-962f-431f-b2d3-3632755de3b0@paulmck-laptop> Message-ID: On Tue, Jun 18, 2024 at 09:48:49AM -0700, Paul E.
McKenney wrote: > On Tue, Jun 18, 2024 at 11:31:00AM +0200, Uladzislau Rezki wrote: > > > On 6/17/24 8:42 PM, Uladzislau Rezki wrote: > > > >> + > > > >> + s = container_of(work, struct kmem_cache, async_destroy_work); > > > >> + > > > >> + // XXX use the real kmem_cache_free_barrier() or similar thing here > > > > It implies that we need to introduce kfree_rcu_barrier(), a new API, which i > > > > wanted to avoid initially. > > > > > > I wanted to avoid new API or flags for kfree_rcu() users and this would > > > be achieved. The barrier is used internally so I don't consider that an > > > API to avoid. How difficult is the implementation is another question, > > > depending on how the current batching works. Once (if) we have sheaves > > > proven to work and move kfree_rcu() fully into SLUB, the barrier might > > > also look different and hopefully easier. So maybe it's not worth to > > > invest too much into that barrier and just go for the potentially > > > longer, but easier to implement? > > > > > Right. I agree here. If the cache is not empty, OK, we just defer the > > work, even we can use a big 21 seconds delay, after that we just "warn" > > if it is still not empty and leave it as it is, i.e. emit a warning and > > we are done. > > > > Destroying the cache is not something that must happen right away. > > OK, I have to ask... > > Suppose that the cache is created and destroyed by a module and > init/cleanup time, respectively. Suppose that this module is rmmod'ed > then very quickly insmod'ed. > > Do we need to fail the insmod if the kmem_cache has not yet been fully > cleaned up? If not, do we have two versions of the same kmem_cache in > /proc during the overlap time? > No fail :) If same cache is created several times, its s->refcount gets increased, so, it does not create two entries in the "slabinfo". But i agree that your point is good! We need to be careful with removing and simultaneously creating. From the first glance, there is a refcounter and a global "slab_mutex" which is used to protect a critical section. Destroying is almost fully protected (as noted above, by a global mutex) with one exception, it is: static void kmem_cache_release(struct kmem_cache *s) { if (slab_state >= FULL) { sysfs_slab_unlink(s); sysfs_slab_release(s); } else { slab_kmem_cache_release(s); } } this one can race, IMO. -- Uladzislau Rezki From vbabka at suse.cz Wed Jun 19 09:56:44 2024 From: vbabka at suse.cz (Vlastimil Babka) Date: Wed, 19 Jun 2024 11:56:44 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <08ee7eb2-8d08-4f1f-9c46-495a544b8c0e@paulmck-laptop> <3b6fe525-626c-41fb-8625-3925ca820d8e@paulmck-laptop> <6711935d-20b5-41c1-8864-db3fc7d7823d@suse.cz> <36c60acd-543e-48c5-8bd2-6ed509972d28@suse.cz> <5c8b2883-962f-431f-b2d3-3632755de3b0@paulmck-laptop> Message-ID: On 6/19/24 11:51 AM, Uladzislau Rezki wrote: > On Tue, Jun 18, 2024 at 09:48:49AM -0700, Paul E. McKenney wrote: >> On Tue, Jun 18, 2024 at 11:31:00AM +0200, Uladzislau Rezki wrote: >> > > On 6/17/24 8:42 PM, Uladzislau Rezki wrote: >> > > >> + >> > > >> + s = container_of(work, struct kmem_cache, async_destroy_work); >> > > >> + >> > > >> + // XXX use the real kmem_cache_free_barrier() or similar thing here >> > > > It implies that we need to introduce kfree_rcu_barrier(), a new API, which i >> > > > wanted to avoid initially. >> > > >> > > I wanted to avoid new API or flags for kfree_rcu() users and this would >> > > be achieved.
The barrier is used internally so I don't consider that an >> > > API to avoid. How difficult is the implementation is another question, >> > > depending on how the current batching works. Once (if) we have sheaves >> > > proven to work and move kfree_rcu() fully into SLUB, the barrier might >> > > also look different and hopefully easier. So maybe it's not worth to >> > > invest too much into that barrier and just go for the potentially >> > > longer, but easier to implement? >> > > >> > Right. I agree here. If the cache is not empty, OK, we just defer the >> > work, even we can use a big 21 seconds delay, after that we just "warn" >> > if it is still not empty and leave it as it is, i.e. emit a warning and >> > we are done. >> > >> > Destroying the cache is not something that must happen right away. >> >> OK, I have to ask... >> >> Suppose that the cache is created and destroyed by a module and >> init/cleanup time, respectively. Suppose that this module is rmmod'ed >> then very quickly insmod'ed. >> >> Do we need to fail the insmod if the kmem_cache has not yet been fully >> cleaned up? If not, do we have two versions of the same kmem_cache in >> /proc during the overlap time? >> > No fail :) If same cache is created several times, its s->refcount gets > increased, so, it does not create two entries in the "slabinfo". But i > agree that your point is good! We need to be carefully with removing and > simultaneous creating. Note that this merging may be disabled or not happen due to various flags on the cache being incompatible with it. And I want to actually make sure it never happens for caches being already destroyed as that would lead to use-after-free (the workfn doesn't recheck the refcount in case a merge would happen during the grace period) --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -150,9 +150,10 @@ int slab_unmergeable(struct kmem_cache *s) #endif /* - * We may have set a slab to be unmergeable during bootstrap. + * We may have set a cache to be unmergeable during bootstrap. + * 0 is for cache being destroyed asynchronously */ - if (s->refcount < 0) + if (s->refcount <= 0) return 1; return 0; > From the first glance, there is a refcounter and a global "slab_mutex" > which is used to protect a critical section. Destroying is almost fully > protected(as noted above, by a global mutex) with one exception, it is: > > static void kmem_cache_release(struct kmem_cache *s) > { > if (slab_state >= FULL) { > sysfs_slab_unlink(s); > sysfs_slab_release(s); > } else { > slab_kmem_cache_release(s); > } > } > > this one can race, IMO. > > -- > Uladzislau Rezki From a at unstable.cc Wed Jun 19 10:01:07 2024 From: a at unstable.cc (Antonio Quartulli) Date: Wed, 19 Jun 2024 12:01:07 +0200 Subject: Wireguard broken with ip rule due to missing address binding In-Reply-To: <87h6dpi7zp.fsf@ungleich.ch> References: <87h6dpi7zp.fsf@ungleich.ch> Message-ID: <9e91adb2-b155-4eef-8604-a2f762a98d4d@unstable.cc> Hi, On 19/06/2024 11:42, Nico Schottelius wrote: > I really hope the address binding issue can be solved soon, especially > giving there is already a patch for it available. Question: instead of implementing pure IP binding, may it help to implement some logic so that messages to a peer are always sent using the IP where previous packets were received? 
Cheers, -- Antonio Quartulli From nico.schottelius at ungleich.ch Wed Jun 19 10:12:49 2024 From: nico.schottelius at ungleich.ch (Nico Schottelius) Date: Wed, 19 Jun 2024 12:12:49 +0200 Subject: Wireguard broken with ip rule due to missing address binding In-Reply-To: <9e91adb2-b155-4eef-8604-a2f762a98d4d@unstable.cc> (Antonio Quartulli's message of "Wed, 19 Jun 2024 12:01:07 +0200") References: <87h6dpi7zp.fsf@ungleich.ch> <9e91adb2-b155-4eef-8604-a2f762a98d4d@unstable.cc> Message-ID: <87cyodi6la.fsf@ungleich.ch> Hello Antonio, Antonio Quartulli writes: > Hi, > > On 19/06/2024 11:42, Nico Schottelius wrote: >> I really hope the address binding issue can be solved soon, especially >> giving there is already a patch for it available. > > Question: instead of implementing pure IP binding, may it help to > implement some logic so that messages to a peer are always sent using > the IP where previous packets were received? This would fix the problem of replying with the incorrect address, yes. However, it does not fix the issue of selecting the right IP address on systems with multiple IP addresses ("Originating / initial ip address wrong"). Adding this option sounds rather reasonable, but it does not fix the whole issue. Note that both issues would be fixed with IP address binding. BR, Nico -- Sustainable and modern Infrastructures by ungleich.ch From a at unstable.cc Wed Jun 19 10:19:36 2024 From: a at unstable.cc (Antonio Quartulli) Date: Wed, 19 Jun 2024 12:19:36 +0200 Subject: Wireguard broken with ip rule due to missing address binding In-Reply-To: <87cyodi6la.fsf@ungleich.ch> References: <87h6dpi7zp.fsf@ungleich.ch> <9e91adb2-b155-4eef-8604-a2f762a98d4d@unstable.cc> <87cyodi6la.fsf@ungleich.ch> Message-ID: Hi Nico, On 19/06/2024 12:12, Nico Schottelius wrote: > However it does not fix the issue of selecting the right ip address on > systems with multiple IP addresses ("Originating / initial ip address > wrong"). you're right. I looked at this from a pure "server" perspective, where you always wait for somebody else to originate the connection. Regards, -- Antonio Quartulli From urezki at gmail.com Wed Jun 19 11:22:12 2024 From: urezki at gmail.com (Uladzislau Rezki) Date: Wed, 19 Jun 2024 13:22:12 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: References: <3b6fe525-626c-41fb-8625-3925ca820d8e@paulmck-laptop> <6711935d-20b5-41c1-8864-db3fc7d7823d@suse.cz> <36c60acd-543e-48c5-8bd2-6ed509972d28@suse.cz> <5c8b2883-962f-431f-b2d3-3632755de3b0@paulmck-laptop> Message-ID: On Wed, Jun 19, 2024 at 11:56:44AM +0200, Vlastimil Babka wrote: > On 6/19/24 11:51 AM, Uladzislau Rezki wrote: > > On Tue, Jun 18, 2024 at 09:48:49AM -0700, Paul E. McKenney wrote: > >> On Tue, Jun 18, 2024 at 11:31:00AM +0200, Uladzislau Rezki wrote: > >> > > On 6/17/24 8:42 PM, Uladzislau Rezki wrote: > >> > > >> + > >> > > >> + s = container_of(work, struct kmem_cache, async_destroy_work); > >> > > >> + > >> > > >> + // XXX use the real kmem_cache_free_barrier() or similar thing here > >> > > > It implies that we need to introduce kfree_rcu_barrier(), a new API, which i > >> > > > wanted to avoid initially. > >> > > > >> > > I wanted to avoid new API or flags for kfree_rcu() users and this would > >> > > be achieved.
The barrier is used internally so I don't consider that an > >> > > API to avoid. How difficult is the implementation is another question, > >> > > depending on how the current batching works. Once (if) we have sheaves > >> > > proven to work and move kfree_rcu() fully into SLUB, the barrier might > >> > > also look different and hopefully easier. So maybe it's not worth to > >> > > invest too much into that barrier and just go for the potentially > >> > > longer, but easier to implement? > >> > > > >> > Right. I agree here. If the cache is not empty, OK, we just defer the > >> > work, even we can use a big 21 seconds delay, after that we just "warn" > >> > if it is still not empty and leave it as it is, i.e. emit a warning and > >> > we are done. > >> > > >> > Destroying the cache is not something that must happen right away. > >> > >> OK, I have to ask... > >> > >> Suppose that the cache is created and destroyed by a module and > >> init/cleanup time, respectively. Suppose that this module is rmmod'ed > >> then very quickly insmod'ed. > >> > >> Do we need to fail the insmod if the kmem_cache has not yet been fully > >> cleaned up? If not, do we have two versions of the same kmem_cache in > >> /proc during the overlap time? > >> > > No fail :) If same cache is created several times, its s->refcount gets > > increased, so, it does not create two entries in the "slabinfo". But i > > agree that your point is good! We need to be carefully with removing and > > simultaneous creating. > > Note that this merging may be disabled or not happen due to various flags on > the cache being incompatible with it. And I want to actually make sure it > never happens for caches being already destroyed as that would lead to > use-after-free (the workfn doesn't recheck the refcount in case a merge > would happen during the grace period) > > --- a/mm/slab_common.c > +++ b/mm/slab_common.c > @@ -150,9 +150,10 @@ int slab_unmergeable(struct kmem_cache *s) > #endif > > /* > - * We may have set a slab to be unmergeable during bootstrap. > + * We may have set a cache to be unmergeable during bootstrap. > + * 0 is for cache being destroyed asynchronously > */ > - if (s->refcount < 0) > + if (s->refcount <= 0) > return 1; > > return 0; > OK, i see such flags, SLAB_NO_MERGE. Then i was wrong, it can create two different slabs. Thanks! -- Uladzislau Rezki From paulmck at kernel.org Wed Jun 19 16:46:35 2024 From: paulmck at kernel.org (Paul E. McKenney) Date: Wed, 19 Jun 2024 09:46:35 -0700 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: <4cba4a48-902b-4fb6-895c-c8e6b64e0d5f@suse.cz> References: <3b6fe525-626c-41fb-8625-3925ca820d8e@paulmck-laptop> <6711935d-20b5-41c1-8864-db3fc7d7823d@suse.cz> <36c60acd-543e-48c5-8bd2-6ed509972d28@suse.cz> <5c8b2883-962f-431f-b2d3-3632755de3b0@paulmck-laptop> <9967fdfa-e649-456d-a0cb-b4c4bf7f9d68@suse.cz> <6dad6e9f-e0ca-4446-be9c-1be25b2536dd@paulmck-laptop> <4cba4a48-902b-4fb6-895c-c8e6b64e0d5f@suse.cz> Message-ID: <04567347-c138-48fb-a5ab-44cc6a318549@paulmck-laptop> On Wed, Jun 19, 2024 at 11:28:13AM +0200, Vlastimil Babka wrote: > On 6/18/24 7:53 PM, Paul E. McKenney wrote: > > On Tue, Jun 18, 2024 at 07:21:42PM +0200, Vlastimil Babka wrote: > >> On 6/18/24 6:48 PM, Paul E. 
McKenney wrote: > >> > On Tue, Jun 18, 2024 at 11:31:00AM +0200, Uladzislau Rezki wrote: > >> >> > On 6/17/24 8:42 PM, Uladzislau Rezki wrote: > >> >> > >> + > >> >> > >> + s = container_of(work, struct kmem_cache, async_destroy_work); > >> >> > >> + > >> >> > >> + // XXX use the real kmem_cache_free_barrier() or similar thing here > >> >> > > It implies that we need to introduce kfree_rcu_barrier(), a new API, which i > >> >> > > wanted to avoid initially. > >> >> > > >> >> > I wanted to avoid new API or flags for kfree_rcu() users and this would > >> >> > be achieved. The barrier is used internally so I don't consider that an > >> >> > API to avoid. How difficult is the implementation is another question, > >> >> > depending on how the current batching works. Once (if) we have sheaves > >> >> > proven to work and move kfree_rcu() fully into SLUB, the barrier might > >> >> > also look different and hopefully easier. So maybe it's not worth to > >> >> > invest too much into that barrier and just go for the potentially > >> >> > longer, but easier to implement? > >> >> > > >> >> Right. I agree here. If the cache is not empty, OK, we just defer the > >> >> work, even we can use a big 21 seconds delay, after that we just "warn" > >> >> if it is still not empty and leave it as it is, i.e. emit a warning and > >> >> we are done. > >> >> > >> >> Destroying the cache is not something that must happen right away. > >> > > >> > OK, I have to ask... > >> > > >> > Suppose that the cache is created and destroyed by a module and > >> > init/cleanup time, respectively. Suppose that this module is rmmod'ed > >> > then very quickly insmod'ed. > >> > > >> > Do we need to fail the insmod if the kmem_cache has not yet been fully > >> > cleaned up? > >> > >> We don't have any such link between kmem_cache and module to detect that, so > >> we would have to start tracking that. Probably not worth the trouble. > > > > Fair enough! > > > >> > If not, do we have two versions of the same kmem_cache in > >> > /proc during the overlap time? > >> > >> Hm could happen in /proc/slabinfo but without being harmful other than > >> perhaps confusing someone. We could filter out the caches being destroyed > >> trivially. > > > > Or mark them in /proc/slabinfo? Yet another column, yay!!! Or script > > breakage from flagging the name somehow, for example, trailing "/" > > character. > > Yeah I've been resisting such changes to the layout and this wouldn't be > worth it, apart from changing the name itself but not in a dangerous way > like with "/" :) ;-) ;-) ;-) > >> Sysfs and debugfs might be more problematic as I suppose directory names > >> would clash. I'll have to check... might be even happening now when we do > >> detect leaked objects and just leave the cache around... thanks for the > >> question. > > > > "It is a service that I provide." ;-) > > > > But yes, we might be living with it already and there might already > > be ways people deal with it. > > So it seems if the sysfs/debugfs directories already exist, they will > silently not be created. Wonder if we have such cases today already because > caches with same name exist. I think we do with the zsmalloc using 32 caches > with same name that we discussed elsewhere just recently. > > Also indeed if the cache has leaked objects and won't be thus destroyed, > these directories indeed stay around, as well as the slabinfo entry, and can > prevent new ones from being created (slabinfo lines with same name are not > prevented). New one on me! 
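(For concreteness, a hypothetical sketch of the deferred destruction being discussed, in the shape of the patch quoted earlier in the thread: async_destroy_work comes from that patch, kfree_rcu_barrier() does not exist yet, and the warn-instead-of-free policy follows the 21-second example above. This is not code from any tree.)

static void kmem_cache_destroy_workfn(struct work_struct *work)
{
	struct kmem_cache *s =
		container_of(work, struct kmem_cache, async_destroy_work);

	/* hypothetical: wait for in-flight kfree_rcu() batches to drain */
	kfree_rcu_barrier();

	mutex_lock(&slab_mutex);
	if (!__kmem_cache_empty(s)) {
		/* a real leak: warn once and leave the cache around for inspection */
		WARN(1, "kmem_cache %s: objects remain after grace periods\n",
		     s->name);
		mutex_unlock(&slab_mutex);
		return;
	}
	/* refcount stayed <= 0 throughout, so no merge could have occurred */
	shutdown_cache(s);
	mutex_unlock(&slab_mutex);
}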
> But it wouldn't be great to introduce this possibility to happen for the > temporarily delayed removal due to kfree_rcu() and a module re-insert, since > that's a legitimate case and not buggy state due to leaks. Agreed. > The debugfs directory we could remove immediately before handing over to the > scheduled workfn, but if it turns out there was a leak and the workfn leaves > the cache around, debugfs dir will be gone and we can't check the > alloc_traces/free_traces files there (but we have the per-object info > including the traces in the dmesg splat). > > The sysfs directory is currently removed only with the whole cache being > destryed due to sysfs/kobject lifetime model. I'd love to untangle it for > other reasons too, but haven't investigated it yet. But again it might be > useful for sysfs dir to stay around for inspection, as for the debugfs. > > We could rename the sysfs/debugfs directories before queuing the work? Add > some prefix like GOING_AWAY-$name. If leak is detected and cache stays > forever, another rename to LEAKED-$name. (and same for the slabinfo). But > multiple ones with same name might pile up, so try adding a counter then? > Probably messy to implement, but perhaps the most robust in the end? The > automatic counter could also solve the general case of people using same > name for multiple caches. > > Other ideas? Move the going-away files/directories to some new directoriesy? But you would still need a counter or whatever. I honestly cannot say what would be best from the viewpoint of existing software scanning those files and directories. Thanx, Paul > Thanks, > Vlastimil > > > > > Thanx, Paul > > > >> >> > > Since you do it asynchronous can we just repeat > >> >> > > and wait until it a cache is furry freed? > >> >> > > >> >> > The problem is we want to detect the cases when it's not fully freed > >> >> > because there was an actual read. So at some point we'd need to stop the > >> >> > repeats because we know there can no longer be any kfree_rcu()'s in > >> >> > flight since the kmem_cache_destroy() was called. > >> >> > > >> >> Agree. As noted above, we can go with 21 seconds(as an example) interval > >> >> and just perform destroy(without repeating). > >> >> > >> >> -- > >> >> Uladzislau Rezki > >> > From nohktwo at gmail.com Thu Jun 20 14:52:10 2024 From: nohktwo at gmail.com (Nohk Two) Date: Thu, 20 Jun 2024 22:52:10 +0800 Subject: How to detect the IP CAM on LAN from WG tunnel ? Message-ID: <384d1fdd-a32f-4839-bb8b-2761be363b50@gmail.com> Hi, This seems a common question but I don't know how do you solve this problem. My machine has an ethernet interface: eth0 It's network is 192.168.100.1/24 I created a wireguard interface thru eth0: wg0 It's network is 192.168.128.1/24 I have an IP CAM on the LAN: cam1 It's network is 192.168.100.21/24 This is physically on the same LAN as my machine's eth0. My machine has a MASQUERADE iptable entry in the nat table: iptables -t nat -A POSTROUTING -s 192.168.128.0/24 -o eth0 -j MASQUERADE My phone uses the wireguard connect to my machine's wg0. This wireguard configuration allow 192.168.100.0/24. My phone's wireguard VPN IP address 192.168.128.10/24. So my phone should be able to connect to my IP CAM without problem. 
192.168.128.10(phone) source NAT as 192.168.100.1(eth0) then connect to 192.168.100.21(cam1) 192.168.100.21(cam1) reply to 192.168.100.1(eth0) then NAT rewrite to 192.168.128.10(phone) However, the IP CAM's mobile App on my phone never remembers the IP CAM's IP address and will always scan the network to find the IP CAM. It then fails if my phone uses the wireguard VPN. Maybe the problem is that my phone and the IP CAM are on different networks, 192.168.128.0/24 vs 192.168.100.0/24. How do you solve this problem ? From sune at molgaard.org Thu Jun 20 23:08:15 2024 From: sune at molgaard.org (=?UTF-8?Q?Sune_M=C3=B8lgaard?=) Date: Fri, 21 Jun 2024 01:08:15 +0200 Subject: Multicast on Android? Message-ID: Is it currently possible to enable multicast on the wireguard device under Android, in order to, e.g., access DLNA services? If not, is it feasible to implement? Best regards, Sune Mølgaard From mark at rekudos.net Fri Jun 21 09:18:49 2024 From: mark at rekudos.net (Mark Lawrence) Date: Fri, 21 Jun 2024 09:18:49 +0000 Subject: How to detect the IP CAM on LAN from WG tunnel ? In-Reply-To: <384d1fdd-a32f-4839-bb8b-2761be363b50@gmail.com> References: <384d1fdd-a32f-4839-bb8b-2761be363b50@gmail.com> Message-ID: >How do you solve this problem ? Iterative fact checking, from the lowest levels of the network stack to the highest. - Are the devices actually connected where you think they are? - With the tunnel disconnected, does your phone connect to the camera? - Is your Wireguard tunnel set up properly? - Can your phone ping the wg0 address with the tunnel active? - Can your phone ping other .100 devices with the tunnel active? - Does your eth0/wg0 machine have IP forwarding enabled? - sysctl net.ipv4.ip_forward=1 - What does packet tracing show? - I.e. `ngrep -d wg0 .\* icmp` or the tcpdump equivalent, also against eth0 for the wireguard UDP port. - Does the mobile App actually support remote (routed) cameras or just on the local network? -- Mark Lawrence From urezki at gmail.com Fri Jun 21 09:32:12 2024 From: urezki at gmail.com (Uladzislau Rezki) Date: Fri, 21 Jun 2024 11:32:12 +0200 Subject: [PATCH 00/14] replace call_rcu by kfree_rcu for simple kmem_cache_free callback In-Reply-To: <4cba4a48-902b-4fb6-895c-c8e6b64e0d5f@suse.cz> References: <3b6fe525-626c-41fb-8625-3925ca820d8e@paulmck-laptop> <6711935d-20b5-41c1-8864-db3fc7d7823d@suse.cz> <36c60acd-543e-48c5-8bd2-6ed509972d28@suse.cz> <5c8b2883-962f-431f-b2d3-3632755de3b0@paulmck-laptop> <9967fdfa-e649-456d-a0cb-b4c4bf7f9d68@suse.cz> <6dad6e9f-e0ca-4446-be9c-1be25b2536dd@paulmck-laptop> <4cba4a48-902b-4fb6-895c-c8e6b64e0d5f@suse.cz> Message-ID: On Wed, Jun 19, 2024 at 11:28:13AM +0200, Vlastimil Babka wrote: > On 6/18/24 7:53 PM, Paul E. McKenney wrote: > > On Tue, Jun 18, 2024 at 07:21:42PM +0200, Vlastimil Babka wrote: > >> On 6/18/24 6:48 PM, Paul E. McKenney wrote: > >> > On Tue, Jun 18, 2024 at 11:31:00AM +0200, Uladzislau Rezki wrote: > >> >> > On 6/17/24 8:42 PM, Uladzislau Rezki wrote: > >> >> > >> + > >> >> > >> + s = container_of(work, struct kmem_cache, async_destroy_work); > >> >> > >> + > >> >> > >> + // XXX use the real kmem_cache_free_barrier() or similar thing here > >> >> > > It implies that we need to introduce kfree_rcu_barrier(), a new API, which i > >> >> > > wanted to avoid initially. > >> >> > > >> >> > I wanted to avoid new API or flags for kfree_rcu() users and this would > >> >> > be achieved. The barrier is used internally so I don't consider that an > >> >> > API to avoid.
How difficult is the implementation is another question, > >> >> > depending on how the current batching works. Once (if) we have sheaves > >> >> > proven to work and move kfree_rcu() fully into SLUB, the barrier might > >> >> > also look different and hopefully easier. So maybe it's not worth to > >> >> > invest too much into that barrier and just go for the potentially > >> >> > longer, but easier to implement? > >> >> > > >> >> Right. I agree here. If the cache is not empty, OK, we just defer the > >> >> work, even we can use a big 21 seconds delay, after that we just "warn" > >> >> if it is still not empty and leave it as it is, i.e. emit a warning and > >> >> we are done. > >> >> > >> >> Destroying the cache is not something that must happen right away. > >> > > >> > OK, I have to ask... > >> > > >> > Suppose that the cache is created and destroyed by a module and > >> > init/cleanup time, respectively. Suppose that this module is rmmod'ed > >> > then very quickly insmod'ed. > >> > > >> > Do we need to fail the insmod if the kmem_cache has not yet been fully > >> > cleaned up? > >> > >> We don't have any such link between kmem_cache and module to detect that, so > >> we would have to start tracking that. Probably not worth the trouble. > > > > Fair enough! > > > >> > If not, do we have two versions of the same kmem_cache in > >> > /proc during the overlap time? > >> > >> Hm could happen in /proc/slabinfo but without being harmful other than > >> perhaps confusing someone. We could filter out the caches being destroyed > >> trivially. > > > > Or mark them in /proc/slabinfo? Yet another column, yay!!! Or script > > breakage from flagging the name somehow, for example, trailing "/" > > character. > > Yeah I've been resisting such changes to the layout and this wouldn't be > worth it, apart from changing the name itself but not in a dangerous way > like with "/" :) > > >> Sysfs and debugfs might be more problematic as I suppose directory names > >> would clash. I'll have to check... might be even happening now when we do > >> detect leaked objects and just leave the cache around... thanks for the > >> question. > > > > "It is a service that I provide." ;-) > > > > But yes, we might be living with it already and there might already > > be ways people deal with it. > > So it seems if the sysfs/debugfs directories already exist, they will > silently not be created. Wonder if we have such cases today already because > caches with same name exist. I think we do with the zsmalloc using 32 caches > with same name that we discussed elsewhere just recently. > > Also indeed if the cache has leaked objects and won't be thus destroyed, > these directories indeed stay around, as well as the slabinfo entry, and can > prevent new ones from being created (slabinfo lines with same name are not > prevented). > > But it wouldn't be great to introduce this possibility to happen for the > temporarily delayed removal due to kfree_rcu() and a module re-insert, since > that's a legitimate case and not buggy state due to leaks. > > The debugfs directory we could remove immediately before handing over to the > scheduled workfn, but if it turns out there was a leak and the workfn leaves > the cache around, debugfs dir will be gone and we can't check the > alloc_traces/free_traces files there (but we have the per-object info > including the traces in the dmesg splat). > > The sysfs directory is currently removed only with the whole cache being > destryed due to sysfs/kobject lifetime model. 
I'd love to untangle it for > other reasons too, but haven't investigated it yet. But again it might be > useful for sysfs dir to stay around for inspection, as for the debugfs. > > We could rename the sysfs/debugfs directories before queuing the work? Add > some prefix like GOING_AWAY-$name. If leak is detected and cache stays > forever, another rename to LEAKED-$name. (and same for the slabinfo). But > multiple ones with same name might pile up, so try adding a counter then? > Probably messy to implement, but perhaps the most robust in the end? The > automatic counter could also solve the general case of people using same > name for multiple caches. > > Other ideas? > One question. Maybe it is already late but it is better to ask rather than not. What do you think about having a small discussion about it at LPC 2024 as a topic? It might be that it is already late or the schedule is set by now. Or we fix it by conference time. Just a thought. -- Uladzislau Rezki From nohktwo at gmail.com Fri Jun 21 10:39:11 2024 From: nohktwo at gmail.com (Nohk Two) Date: Fri, 21 Jun 2024 18:39:11 +0800 Subject: How to detect the IP CAM on LAN from WG tunnel ? In-Reply-To: References: <384d1fdd-a32f-4839-bb8b-2761be363b50@gmail.com> Message-ID: <1f7f4177-86b1-4a33-876b-06bf4e4f1cbd@gmail.com> On 2024/6/21 17:18, Mark Lawrence wrote: >> How do you solve this problem ? > > Iterative fact checking, from the lowest levels of the network stack to the highest. > > - Are the devices actually connected where you think they are? > - With the tunnel disconnected, does your phone connect to the camera? I use the wireguard VPN while my phone is using mobile data (4G LTE). With the tunnel disconnected my phone can't connect to the camera, since it scans for it and cannot find it. > - Is your Wireguard tunnel set up properly? > - Can your phone ping the wg0 address with the tunnel active? > - Can your phone ping other .100 devices with the tunnel active? I don't know how to ping from my phone. But the phone, with the wireguard tunnel connected, can visit my LAN website which is in the network 192.168.100.0/24. > - Does your eth0/wg0 machine have IP forwarding enabled? > - sysctl net.ipv4.ip_forward=1 Yes. $ sysctl net.ipv4.ip_forward net.ipv4.ip_forward = 1 > - What does packet tracing show? > - I.e. `ngrep -d wg0 .\* icmp` or the tcpdump equivalent, also against eth0 for the wireguard UDP port. I use `ngrep -d wg0 .\* icmp`, but nothing was dumped. However, while I open my phone's browser to visit my LAN site, it did dump something. > - Does the mobile App actually support remote (routed) cameras or just on the local network? This is the point I made in my original mail: I think my phone and the camera are in different networks. I believe this App is for the LAN network only. For this scenario, are there solutions ? From domi at tomcsanyi.net Fri Jun 21 10:47:30 2024 From: domi at tomcsanyi.net (Tomcsanyi, Domonkos) Date: Fri, 21 Jun 2024 12:47:30 +0200 Subject: How to detect the IP CAM on LAN from WG tunnel ? In-Reply-To: <1f7f4177-86b1-4a33-876b-06bf4e4f1cbd@gmail.com> References: <1f7f4177-86b1-4a33-876b-06bf4e4f1cbd@gmail.com> Message-ID: <4B7285ED-C08C-4AAB-827C-AF511D606D03@tomcsanyi.net> In case the camera app uses something below IP, e.g. ARP, for discovery, you don't have a chance, since it will never cross the wireguard tunnel. You should try to capture somehow what the app is doing, and then work from that.
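One concrete way to do that capture from the camera's LAN side is a few lines of libpcap watching for ARP/broadcast/multicast frames while the app scans. A minimal sketch; the interface name "eth0" and the filter are assumptions, build with -lpcap and run as root:

#include <pcap/pcap.h>
#include <stdio.h>

static void seen(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes)
{
	(void)user; (void)bytes;
	printf("discovery-candidate frame, %u bytes\n", h->len);
}

int main(void)
{
	char err[PCAP_ERRBUF_SIZE];
	struct bpf_program prog;
	pcap_t *p = pcap_open_live("eth0", 128, 1, 1000, err);

	if (!p) { fprintf(stderr, "%s\n", err); return 1; }
	/* L2 discovery (ARP, broadcast, multicast) never crosses a routed tunnel */
	if (pcap_compile(p, &prog, "arp or broadcast or multicast", 1,
			 PCAP_NETMASK_UNKNOWN) == 0)
		pcap_setfilter(p, &prog);
	pcap_loop(p, 20, seen, NULL);	/* report the first 20 matching frames */
	pcap_close(p);
	return 0;
}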
Either they do not accept the Wireguard routes or they are using non-IP discovery that does not get routed through wg. Good luck! Domi > On 21.06.2024 at 12:42, Nohk Two wrote: > > On 2024/6/21 17:18, Mark Lawrence wrote: >>> How do you solve this problem ? >> Iterative fact checking, from the lowest levels of the network stack to the highest. >> - Are the devices actually connected where you think they are? >> - With the tunnel disconnected, does your phone connect to the camera? > I use the wireguard VPN while my phone is using mobile data (4G LTE). With the tunnel disconnected my phone can't connect to the camera, since it scans for it and cannot find it. > >> - Is your Wireguard tunnel set up properly? >> - Can your phone ping the wg0 address with the tunnel active? >> - Can your phone ping other .100 devices with the tunnel active? > I don't know how to ping from my phone. But the phone, with the wireguard tunnel connected, can visit my LAN website which is in the network 192.168.100.0/24. > >> - Does your eth0/wg0 machine have IP forwarding enabled? >> - sysctl net.ipv4.ip_forward=1 > Yes. > $ sysctl net.ipv4.ip_forward > net.ipv4.ip_forward = 1 > >> - What does packet tracing show? >> - I.e. `ngrep -d wg0 .\* icmp` or the tcpdump equivalent, also against eth0 for the wireguard UDP port. > I use `ngrep -d wg0 .\* icmp`, but nothing was dumped. However, while I open my phone's browser to visit my LAN site, it did dump something. > >> - Does the mobile App actually support remote (routed) cameras or just on the local network? > This is the point I made in my original mail: I think my phone and the camera are in different networks. I believe this App is for the LAN network only. > > For this scenario, are there solutions ? From nico.schottelius at ungleich.ch Fri Jun 21 11:13:27 2024 From: nico.schottelius at ungleich.ch (Nico Schottelius) Date: Fri, 21 Jun 2024 13:13:27 +0200 Subject: Wireguard uses incorrect interface - routing issue Message-ID: <878qyyim5k.fsf@ungleich.ch> Hello again, I'm sorry to flood the mailing list with wireguard bugs, but it seems there is yet another routing bug in wireguard - happy to be wrong, but here are my findings: a) system has source-based routing enabled via ip rule: [11:07] server141.place10:~# ip rule ls 0: from all lookup local 32765: from 192.168.1.0/24 lookup 42 32766: from all lookup main 32767: from all lookup default [11:07] server141.place10:~# ip route sh table 42 194.5.220.0/24 via 192.168.1.254 dev eth1 proto bird metric 32 194.187.90.23 via 192.168.1.254 dev eth1 proto bird metric 32 212.103.65.231 via 192.168.1.254 dev eth1 proto bird metric 32 [11:08] server141.place10:~# This should ensure that packets towards 194.187.90.23 travel via eth1. b) tcpdump for verification Using "tcpdump -ni any port 4000" I observe: 11:10:22.445638 eth0 Out IP 192.168.1.149.58591 > 194.187.90.23.4000: UDP, length 148 11:10:27.447026 eth0 Out IP 192.168.1.149.58591 > 194.187.90.23.4000: UDP, length 148 11:10:32.448329 eth0 Out IP 192.168.1.149.58591 > 194.187.90.23.4000: UDP, length 148 11:10:37.449719 eth0 Out IP 192.168.1.149.58591 > 194.187.90.23.4000: UDP, length 148 c) Route in main table There is indeed a route in the main routing table that matches, too: [11:08] server141.place10:~# ip r get 194.187.90.23 194.187.90.23 via 10.5.2.123 dev eth0 src 192.168.1.149 uid 0 cache d) ip rule not working (?)
So from what I can observe, it seems that ip rule does not work together with wireguard / wireguard routing takes the route from the main fib instead of from the separate table. I am not sure if this is related at all to the IP address binding bug, but it appears in a similar context in our tests. BR, Nico -- Sustainable and modern Infrastructures by ungleich.ch -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 873 bytes Desc: not available URL: From nico.schottelius at ungleich.ch Fri Jun 21 11:24:47 2024 From: nico.schottelius at ungleich.ch (Nico Schottelius) Date: Fri, 21 Jun 2024 13:24:47 +0200 Subject: Wireguard uses incorrect interface - routing issue In-Reply-To: <878qyyim5k.fsf@ungleich.ch> (Nico Schottelius's message of "Fri, 21 Jun 2024 13:13:27 +0200") References: <878qyyim5k.fsf@ungleich.ch> Message-ID: <874j9milmo.fsf@ungleich.ch> p.s.: the route lookup looks correct on the machine, when selecting the source IP: [11:15] server141.place10:~# ip r get 194.187.90.23 194.187.90.23 via inet6 fe80::3eec:efff:fecb:d81a dev eth0 src 192.168.1.149 uid 0 cache [11:16] server141.place10:~# ip r get 194.187.90.23 from 192.168.1.149 194.187.90.23 from 192.168.1.149 via 192.168.1.254 dev eth1 table 42 uid 0 cache wireguard still uses the wrong interface: 11:20:13.115154 eth0 Out IP 192.168.1.149.60031 > 194.187.90.23.4000: UDP, length 148 -- Sustainable and modern Infrastructures by ungleich.ch From dxld at darkboxed.org Fri Jun 21 12:29:26 2024 From: dxld at darkboxed.org (Daniel =?utf-8?Q?Gr=C3=B6ber?=) Date: Fri, 21 Jun 2024 14:29:26 +0200 Subject: Wireguard uses incorrect interface - routing issue In-Reply-To: <874j9milmo.fsf@ungleich.ch> References: <878qyyim5k.fsf@ungleich.ch> <874j9milmo.fsf@ungleich.ch> Message-ID: <20240621122926.2xzt7ulno5oczqcv@House.clients.dxld.at> On Fri, Jun 21, 2024 at 01:24:47PM +0200, Nico Schottelius wrote: > > p.s.: the route lookup looks correct on the machine, when selecting the > source IP: > > [11:15] server141.place10:~# ip r get 194.187.90.23 > 194.187.90.23 via inet6 fe80::3eec:efff:fecb:d81a dev eth0 src 192.168.1.149 uid 0 > cache > [11:16] server141.place10:~# ip r get 194.187.90.23 from 192.168.1.149 > 194.187.90.23 from 192.168.1.149 via 192.168.1.254 dev eth1 table 42 uid 0 > cache > > wireguard still uses the wrong interface: > > 11:20:13.115154 eth0 Out IP 192.168.1.149.60031 > 194.187.90.23.4000: UDP, length 148 I haven't looked at the details yet but this smells like the same route caching issue I found a while ago: https://lists.zx2c4.com/pipermail/wireguard/2023-July/008111.html Does up/down'ing the interface make the problem go away? IIRC that will re-initialize the udp socket and thus clear the route cache. FYI Nico: It may be time to escalate these bugs to the network subsystem maintainers on netdev at vger.kernel.org since Jason is not reading this list anymore AFAICT. get_maintainer.pl spits out this list of emails to send To: Jason A. Donenfeld" , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , wireguard at lists.zx2c4.com, netdev at vger.kernel.org, linux-kernel at vger.kernel.org Do add me to CC as well.
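For the report it may also help to point at the transmit-side route lookup. A simplified sketch of how the IPv4 endpoint route is chosen, paraphrased from drivers/net/wireguard/socket.c (dst caching and error handling omitted; treat the details as approximate):

	struct flowi4 fl = {
		.saddr = endpoint->src4.s_addr,		/* often zero unless a source stuck */
		.daddr = endpoint->addr4.sin_addr.s_addr,
		.fl4_dport = endpoint->addr4.sin_port,
		.flowi4_mark = wg->fwmark,		/* why fwmark-based rules can match */
		.flowi4_proto = IPPROTO_UDP,
	};
	rt = ip_route_output_flow(sock_net(sock), &fl, sock);

If saddr is still zero when the FIB is consulted, a rule like "from 192.168.1.0/24 lookup 42" has nothing to match and the main table wins, while a fwmark-based rule matches regardless; that is a hypothesis consistent with the eth0 transmits above, not a confirmed diagnosis.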
Before sending I'd recommend working out an ip-netns based reproducer script -- makes it harder to ignore the report as "ugh, too much work" ;) Let me know if you need help with that, --Daniel From diyaa at diyaa.ca Fri Jun 21 14:42:02 2024 From: diyaa at diyaa.ca (Diyaa Alkanakre) Date: Fri, 21 Jun 2024 16:42:02 +0200 (CEST) Subject: Wireguard uses incorrect interface - routing issue In-Reply-To: <878qyyim5k.fsf@ungleich.ch> References: <878qyyim5k.fsf@ungleich.ch> Message-ID: The better approach would be to exclude the IPs from your WireGuard AllowedIPs. I always exclude IPs if I can before doing policy based routing. https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator/ Jun 21, 2024, 5:15 AM by nico.schottelius at ungleich.ch: > > Hello again, > > I'm sorry to flood the mailing list with wireguard bugs, but it seems > there is yet another routing bug in wireguard - happy to be wrong, but > here are my findings: > > a) system has source based routing on via ip rule: > > [11:07] server141.place10:~# ip rule ls > 0: from all lookup local > 32765: from 192.168.1.0/24 lookup 42 > 32766: from all lookup main > 32767: from all lookup default > [11:07] server141.place10:~# ip route sh table 42 > 194.5.220.0/24 via 192.168.1.254 dev eth1 proto bird metric 32 > 194.187.90.23 via 192.168.1.254 dev eth1 proto bird metric 32 > 212.103.65.231 via 192.168.1.254 dev eth1 proto bird metric 32 > [11:08] server141.place10:~# > > This should ensure that packets towards 194.187.90.23 travel via eth1. > > b) tcpdump for verification > > Using "tcpdump -ni any port 4000" I observe: > > 11:10:22.445638 eth0 Out IP 192.168.1.149.58591 > 194.187.90.23.4000: UDP, length 148 > 11:10:27.447026 eth0 Out IP 192.168.1.149.58591 > 194.187.90.23.4000: UDP, length 148 > 11:10:32.448329 eth0 Out IP 192.168.1.149.58591 > 194.187.90.23.4000: UDP, length 148 > 11:10:37.449719 eth0 Out IP 192.168.1.149.58591 > 194.187.90.23.4000: UDP, length 148 > > c) Route in main table > > There is indeed a route in the main routing table that matches, too: > > [11:08] server141.place10:~# ip r get 194.187.90.23 > 194.187.90.23 via 10.5.2.123 dev eth0 src 192.168.1.149 uid 0 > cache > > d) ip rule not working (?) > > So from what I can observe it is that ip rule does not work together > with wireguard / wireguard routing takes the route from main fib instead > of from the separate table. > > I am not sure if this is related at all to the IP address binding bug, > but it appears in a similar context from our tests. > > BR, > > Nico > > -- > Sustainable and modern Infrastructures by ungleich.ch > From dxld at darkboxed.org Fri Jun 21 15:18:53 2024 From: dxld at darkboxed.org (Daniel =?utf-8?Q?Gr=C3=B6ber?=) Date: Fri, 21 Jun 2024 17:18:53 +0200 Subject: Wireguard uses incorrect interface - routing issue In-Reply-To: <20240621155439.6cb5abb9@ithnet.com> Message-ID: <20240621151853.s7nzoyanrn4sr6gf@House.clients.dxld.at> Hi, On Fri, Jun 21, 2024 at 03:54:39PM +0200, Stephan von Krawczynski wrote: > ... and in case you do find someone interested at all there is still the > problem of no signaling to anyone when a client connects. > I hardly can remember the decade when all this was implemented in cipe. Yeah. Can be hard to get attention on netdev, but I've been advised that when the maintainance of a (sub)subsystem is in question that is an issue they'll take notice of. 
So be sure to lament the fact that Jason hasn't been responding in at least a year on this ML ;) IIRC we have a patch for netlink notifications on handshakes flying around somewhere tho. Just needs some more work. On Fri, Jun 21, 2024 at 04:42:02PM +0200, Diyaa Alkanakre wrote: > The better approach would be to exclude the IPs from your WireGuard > AllowedIPs. I always exclude IPs if I can before doing policy based > routing. > > https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator/ Interesting approach, thanks for the pointer :) --Daniel From nico.schottelius at ungleich.ch Fri Jun 21 15:38:56 2024 From: nico.schottelius at ungleich.ch (Nico Schottelius) Date: Fri, 21 Jun 2024 17:38:56 +0200 Subject: Wireguard uses incorrect interface - routing issue In-Reply-To: (Diyaa Alkanakre's message of "Fri, 21 Jun 2024 16:42:02 +0200 (CEST)") References: <878qyyim5k.fsf@ungleich.ch> Message-ID: <87jzii8fvz.fsf@ungleich.ch> Diyaa, this is about the *outside* tunnel IP address that wireguard uses to establish connection, not about inside routing. BR, Nico Diyaa Alkanakre writes: > The better approach would be to exclude the IPs from your WireGuard AllowedIPs. I always exclude IPs if I can before doing policy based routing. > > https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator/ > > > Jun 21, 2024, 5:15 AM by nico.schottelius at ungleich.ch: > >> >> Hello again, >> >> I'm sorry to flood the mailing list with wireguard bugs, but it seems >> there is yet another routing bug in wireguard - happy to be wrong, but >> here are my findings: >> >> a) system has source based routing on via ip rule: >> >> [11:07] server141.place10:~# ip rule ls >> 0: from all lookup local >> 32765: from 192.168.1.0/24 lookup 42 >> 32766: from all lookup main >> 32767: from all lookup default >> [11:07] server141.place10:~# ip route sh table 42 >> 194.5.220.0/24 via 192.168.1.254 dev eth1 proto bird metric 32 >> 194.187.90.23 via 192.168.1.254 dev eth1 proto bird metric 32 >> 212.103.65.231 via 192.168.1.254 dev eth1 proto bird metric 32 >> [11:08] server141.place10:~# >> >> This should ensure that packets towards 194.187.90.23 travel via eth1. >> >> b) tcpdump for verification >> >> Using "tcpdump -ni any port 4000" I observe: >> >> 11:10:22.445638 eth0 Out IP 192.168.1.149.58591 > 194.187.90.23.4000: UDP, length 148 >> 11:10:27.447026 eth0 Out IP 192.168.1.149.58591 > 194.187.90.23.4000: UDP, length 148 >> 11:10:32.448329 eth0 Out IP 192.168.1.149.58591 > 194.187.90.23.4000: UDP, length 148 >> 11:10:37.449719 eth0 Out IP 192.168.1.149.58591 > 194.187.90.23.4000: UDP, length 148 >> >> c) Route in main table >> >> There is indeed a route in the main routing table that matches, too: >> >> [11:08] server141.place10:~# ip r get 194.187.90.23 >> 194.187.90.23 via 10.5.2.123 dev eth0 src 192.168.1.149 uid 0 >> cache >> >> d) ip rule not working (?) >> >> So from what I can observe it is that ip rule does not work together >> with wireguard / wireguard routing takes the route from main fib instead >> of from the separate table. >> >> I am not sure if this is related at all to the IP address binding bug, >> but it appears in a similar context from our tests. >> >> BR, >> >> Nico >> >> -- >> Sustainable and modern Infrastructures by ungleich.ch >> -------------- next part -------------- -- Sustainable and modern Infrastructures by ungleich.ch -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 873 bytes Desc: not available URL: From nico.schottelius at ungleich.ch Sat Jun 22 09:22:28 2024 From: nico.schottelius at ungleich.ch (Nico Schottelius) Date: Sat, 22 Jun 2024 11:22:28 +0200 Subject: Wireguard uses incorrect interface - routing issue In-Reply-To: <20240621122926.2xzt7ulno5oczqcv@House.clients.dxld.at> ("Daniel =?utf-8?Q?Gr=C3=B6ber=22's?= message of "Fri, 21 Jun 2024 14:29:26 +0200") References: <878qyyim5k.fsf@ungleich.ch> <874j9milmo.fsf@ungleich.ch> <20240621122926.2xzt7ulno5oczqcv@House.clients.dxld.at> Message-ID: <87zfrdgwmj.fsf@ungleich.ch> Good morning Daniel, Daniel Gröber writes: >> wireguard still uses the wrong interface: >> >> 11:20:13.115154 eth0 Out IP 192.168.1.149.60031 > 194.187.90.23.4000: UDP, length 148 > > I haven't looked at the details yet but this smells like the same route > caching issue I found a while ago: > https://lists.zx2c4.com/pipermail/wireguard/2023-July/008111.html > > Does up/down'ing the interface make the problem go away? IIRC that will > re-initialize the udp socket and thus clear the route cache. Up & down does *not* fix it, however a *reboot* did. I've the feeling that this is a race condition together with bird running on the machine. I suspect the following is happening: - machine starts - ip rule is used to move traffic into table 42 (part of the container startup) - table 42 is populated by bird with static routes (part of bird startup) -- at this stage wireguard works - bird establishes iBGP sessions and receives alternate routes for the target in the main routing table - wireguard restart is triggered and from that moment on wireguard uses the route from the main table -- at this stage wireguard is broken/takes the route from the main table This is so far a theory, I'll need to verify that, maybe a simple test script as you suggested makes sense. > FYI Nico: It may be time to escalate these bugs to the network subsystem > maintainers on netdev at vger.kernel.org since Jason is not reading this list > anymore AFAICT. That is a very good point and I shall do so next week! > get_maintainer.pl spits out this list of emails to send To: > > Jason A. Donenfeld" , > "David S. Miller" , > Eric Dumazet , > Jakub Kicinski , > Paolo Abeni , > wireguard at lists.zx2c4.com, > netdev at vger.kernel.org, > linux-kernel at vger.kernel.org Thanks for looking it up! > Do add me to CC as well. Before sending I'd recommend working out an > ip-netns based reproducer script -- makes it harder to ignore the report as > "ugh, too much work" ;) Understood and ... > Let me know if you need help with that, ... would certainly appreciate that. You are on matrix, too, aren't you? I'm @nico:ungleich.ch, might be easier for coordination. Best regards from sunny Glarus, Nico -------------- next part -------------- -- Sustainable and modern Infrastructures by ungleich.ch -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 873 bytes Desc: not available URL: From alarsen at maidenheadbridge.com Mon Jun 24 09:36:06 2024 From: alarsen at maidenheadbridge.com (Adrian Larsen) Date: Mon, 24 Jun 2024 10:36:06 +0100 Subject: Fwd: Wireguard address binding - how to fix?
In-Reply-To: <740ee793-0ed2-4cf6-ba4a-07268b46b761@maidenheadbridge.com> References: <740ee793-0ed2-4cf6-ba4a-07268b46b761@maidenheadbridge.com> Message-ID: <43aac110-8699-41b3-bad8-7a38bf984b45@maidenheadbridge.com> Hi Friends, You can achieve address binding on a Linux box with a mix of marking, ip rules, ip route and Source NAT. 1) On WG interface, add "FwMark = 0x34" (the value 0x34 is an example, you can put any value here) 2) Create IP Rule "from all fwmark 0x34 lookup rt_wg0_out" -> this will force the outgoing packet to use the route table "rt_wg0_out" 3) On the route table "rt_wg0_out" create the default or specific route to force the packet market with 0x34 to leave using the interface where your desire "IP address" resides. 4) Create a POSTROUTING -> SNAT forcing mark 0x34 via the desired "IP address". This will bind your "IP address". Done! The packet with mark 0x34 will be routed via the correct interface using the source IP you want. I hope this helps. Best regards, Adrian Larsen Maidenhead Bridge Cloud Security Connectors for SSE vendors. m: +44 7487640352 e:alarsen at maidenheadbridge.com On 09/06/2024 16:39, Nico Schottelius wrote: > Jason, > > may I shortly ask what your opinion is on the patch and whether there is > a way forward to make wireguard usable on systems with multiple IP > addresses? > > Best regards, > > Nico > > Nico Schottelius writes: > >> d tbsky writes: >>> I remembered how exciting when I tested wireguard at 2017. until I >>> asked muti-home question in the list. >>> wiregurad is beautiful,elegant,fast but not easy to get along with. >>> openvpn is not so amazing but it can get the job done. >> Nice summary, hits the nail quite well. >> >> Jason, do you mind having a look at the submitted patches for IP address >> binding and comment on them? Or alternatively can you give green light >> for generally moving forward so that a direct inclusion in the Linux >> kernel would be accepted? >> >> Best regards, >> >> Nico >> From nico.schottelius at ungleich.ch Thu Jun 27 11:33:18 2024 From: nico.schottelius at ungleich.ch (Nico Schottelius) Date: Thu, 27 Jun 2024 13:33:18 +0200 Subject: Fwd: Wireguard address binding - how to fix? In-Reply-To: <43aac110-8699-41b3-bad8-7a38bf984b45@maidenheadbridge.com> (Adrian Larsen's message of "Mon, 24 Jun 2024 10:36:06 +0100") References: <740ee793-0ed2-4cf6-ba4a-07268b46b761@maidenheadbridge.com> <43aac110-8699-41b3-bad8-7a38bf984b45@maidenheadbridge.com> Message-ID: <87ed8ihb7l.fsf@ungleich.ch> Hello Adrian, I tried 1,2 and 3 and observed that wireguard seems to be taking the correct routing table when using fwmark: -------------------------------------------------------------------------------- # cat /etc/wireguard/or3ge.conf [Interface] PrivateKey = ... 
Address = 2a0a:5480:5:2::2/64 Table = off FwMark = 0x42 [Peer] PublicKey = 3WNj2YuTTm+5wpsAOauRQ3bEMv/WXcKMDZXbJPB8fx0= AllowedIPs = ::/0, 0.0.0.0/0 Endpoint = 194.5.220.43:5001 -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- [09:32] server142.place10:~# ip r sh table 42 194.5.220.0/24 via 192.168.1.254 dev eth1 proto bird metric 32 194.187.90.23 via 192.168.1.254 dev eth1 proto bird metric 32 212.103.65.231 via 192.168.1.254 dev eth1 proto bird metric 32 [09:32] server142.place10:~# ip rule ls 0: from all lookup local 32765: from all fwmark 0x42 lookup 42 32766: from all lookup main 32767: from all lookup default -------------------------------------------------------------------------------- So, long story short: one cannot match on the source IP address with wireguard, potentially because it does not do address binding by default. But I have to say thanks, at least one problem solved for the moment! Best regards, Nico Adrian Larsen writes: > Hi Friends, > > You can achieve address binding on a Linux box with a mix of marking, > ip rules, ip route and Source NAT. > > 1) On WG interface, add "FwMark = 0x34" (the value 0x34 is an example, > you can put any value here) > > 2) Create IP Rule "from all fwmark 0x34 lookup rt_wg0_out" -> this > will force the outgoing packet to use the route table "rt_wg0_out" > > 3) On the route table "rt_wg0_out" create the default or specific > route to force the packet market with 0x34 to leave using the > interface where your desire "IP address" resides. > > 4) Create a POSTROUTING -> SNAT forcing mark 0x34 via the desired "IP > address". This will bind your "IP address". > > Done! The packet with mark 0x34 will be routed via the correct > interface using the source IP you want. > > I hope this helps. > > Best regards, > > Adrian Larsen > Maidenhead Bridge > Cloud Security Connectors for SSE vendors. > m: +44 7487640352 > e:alarsen at maidenheadbridge.com > > On 09/06/2024 16:39, Nico Schottelius wrote: >> Jason, >> >> may I shortly ask what your opinion is on the patch and whether there is >> a way forward to make wireguard usable on systems with multiple IP >> addresses? >> >> Best regards, >> >> Nico >> >> Nico Schottelius writes: >> >>> d tbsky writes: >>>> I remembered how exciting when I tested wireguard at 2017. until I >>>> asked muti-home question in the list. >>>> wiregurad is beautiful,elegant,fast but not easy to get along with. >>>> openvpn is not so amazing but it can get the job done. >>> Nice summary, hits the nail quite well. >>> >>> Jason, do you mind having a look at the submitted patches for IP address >>> binding and comment on them? Or alternatively can you give green light >>> for generally moving forward so that a direct inclusion in the Linux >>> kernel would be accepted? >>> >>> Best regards, >>> >>> Nico >>> -------------- next part -------------- -- Sustainable and modern Infrastructures by ungleich.ch -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 873 bytes Desc: not available URL: