]>
Commit | Line | Data |
---|---|---|
00e5a55c BS |
1 | From: Miklos Szeredi <mszeredi@suse.cz> |
2 | Subject: Fix use of uninitialized variable in cache_grow() | |
3 | Patch-mainline: no | |
4 | References: bnc#444597 | |
5 | ||
6 | This fixes a bug in SoN-08-reserve-slub.patch. | |
7 | ||
8 | If cache_grow() was called with objp != NULL then the 'reserve' local | |
9 | variable wasn't initialized. This resulted in ac->reserve being set to | |
10 | a rubbish value. Due to this in some circumstances huge amounts of | |
11 | slab pages were allocated (due to slab_force_alloc() returning true), | |
12 | which caused atomic page allocation failures and slowdown of the | |
13 | system. | |
14 | ||
15 | Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> | |
16 | --- | |
17 | mm/slab.c | 5 +++-- | |
18 | 1 file changed, 3 insertions(+), 2 deletions(-) | |
19 | ||
20 | Index: linux-2.6.27/mm/slab.c | |
21 | =================================================================== | |
22 | --- linux-2.6.27.orig/mm/slab.c 2008-12-03 22:11:12.000000000 +0100 | |
23 | +++ linux-2.6.27/mm/slab.c 2008-12-03 22:14:37.000000000 +0100 | |
24 | @@ -2785,7 +2785,7 @@ static int cache_grow(struct kmem_cache | |
25 | size_t offset; | |
26 | gfp_t local_flags; | |
27 | struct kmem_list3 *l3; | |
28 | - int reserve; | |
29 | + int reserve = -1; | |
30 | ||
31 | /* | |
32 | * Be lazy and only check for valid flags here, keeping it out of the | |
33 | @@ -2841,7 +2841,8 @@ static int cache_grow(struct kmem_cache | |
34 | if (local_flags & __GFP_WAIT) | |
35 | local_irq_disable(); | |
36 | check_irq_off(); | |
37 | - slab_set_reserve(cachep, reserve); | |
38 | + if (reserve != -1) | |
39 | + slab_set_reserve(cachep, reserve); | |
40 | spin_lock(&l3->list_lock); | |
41 | ||
42 | /* Make slab active. */ |