releases/2.6.22.14/slub-fix-memory-leak-by-not-reusing-cpu_slab.patch

   1 From stable-bounces@linux.kernel.org Mon Nov  5 11:24:17 2007
   2 From: Christoph Lameter <clameter@sgi.com>
   3 Date: Mon, 5 Nov 2007 11:23:51 -0800 (PST)
   4 Subject: SLUB: Fix memory leak by not reusing cpu_slab
   5 To: stable@kernel.org
   6 Cc: linux-kernel@vger.kernel.org, Olivér Pintér <oliver.pntr@gmail.com>, Hugh Dickins <hugh@veritas.com>, Andrew Morton <akpm@linux-foundation.org>, Linus Torvalds <torvalds@linux-foundation.org>, Willy Tarreau <w@1wt.eu>
   7 Message-ID: <Pine.LNX.4.64.0711051123130.15999@schroedinger.engr.sgi.com>
   8
   9 From: Christoph Lameter <clameter@sgi.com>
  10
  11 backport of 05aa345034de6ae9c77fb93f6a796013641d57d5 from Linus's tree.
  12
  13 SLUB: Fix memory leak by not reusing cpu_slab
  14
  15 Fix the memory leak that may occur when we attempt to reuse a cpu_slab
  16 that was allocated while we reenabled interrupts in order to be able to
  17 grow a slab cache. The per cpu freelist may contain objects and in that
  18 situation we may overwrite the per cpu freelist pointer loosing objects.
  19 This only occurs if we find that the concurrently allocated slab fits
  20 our allocation needs.
  21
  22 If we simply always deactivate the slab then the freelist will be properly
  23 reintegrated and the memory leak will go away.
  24
  25 Signed-off-by: Christoph Lameter <clameter@sgi.com>
  26 Cc: Hugh Dickins <hugh@veritas.com>
  27 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  28
  29 ---
  30  mm/slub.c |   22 +---------------------
  31  1 file changed, 1 insertion(+), 21 deletions(-)
  32
  33 --- a/mm/slub.c
  34 +++ b/mm/slub.c
  35 @@ -1431,28 +1431,8 @@ new_slab:
  36         page = new_slab(s, gfpflags, node);
  37         if (page) {
  38                 cpu = smp_processor_id();
  39 -               if (s->cpu_slab[cpu]) {
  40 -                       /*
  41 -                        * Someone else populated the cpu_slab while we
  42 -                        * enabled interrupts, or we have gotten scheduled
  43 -                        * on another cpu. The page may not be on the
  44 -                        * requested node even if __GFP_THISNODE was
  45 -                        * specified. So we need to recheck.
  46 -                        */
  47 -                       if (node == -1 ||
  48 -                               page_to_nid(s->cpu_slab[cpu]) == node) {
  49 -                               /*
  50 -                                * Current cpuslab is acceptable and we
  51 -                                * want the current one since its cache hot
  52 -                                */
  53 -                               discard_slab(s, page);
  54 -                               page = s->cpu_slab[cpu];
  55 -                               slab_lock(page);
  56 -                               goto load_freelist;
  57 -                       }
  58 -                       /* New slab does not fit our expectations */
  59 +               if (s->cpu_slab[cpu])
  60                         flush_slab(s, s->cpu_slab[cpu], cpu);
  61 -               }
  62                 slab_lock(page);
  63                 SetSlabFrozen(page);
  64                 s->cpu_slab[cpu] = page;