mm: slub: be more careful about the double cmpxchg of freelist

[linux.git] / mm / slub.c

diff --git a/mm/slub.c b/mm/slub.c
index eae5bb47b22f1260fc3440178fa83c6c65fd1cf0..97580b41a24b1f184df311050ebc8ad6c92ec964 100644 (file)
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -2997,11 +2997,13 @@ static __always_inline void do_slab_free(struct kmem_cache *s,
        barrier();
 
        if (likely(page == c->page)) {
-               set_freepointer(s, tail_obj, c->freelist);
+               void **freelist = READ_ONCE(c->freelist);
+
+               set_freepointer(s, tail_obj, freelist);
 
                if (unlikely(!this_cpu_cmpxchg_double(
                                s->cpu_slab->freelist, s->cpu_slab->tid,
-                               c->freelist, tid,
+                               freelist, tid,
                                head, next_tid(tid)))) {
 
                        note_cmpxchg_failure("slab_free", s, tid);