When refill_sheaf() partially fills one sheaf (e.g., fills 5 objects
but need to fill 10), it will update sheaf->size and return -ENOMEM.
However, the callers (alloc_full_sheaf() and __pcs_replace_empty_main())
directly call free_empty_sheaf() on failure, which only does kfree(sheaf),
causing the partially allocated objects memory in sheaf->objects[] leaked.
Fix this by calling sheaf_flush_unused() before free_empty_sheaf() to
free objects of sheaf->objects[]. And also add a WARN_ON() in
free_empty_sheaf() to catch any future cases where a non-empty sheaf is
being freed.
Fixes: ed30c4adfc2b ("slab: add optimized sheaf refill from partial list")
Signed-off-by: Qing Wang <wangqing7171@gmail.com>
Link: https://patch.msgid.link/20260311093617.4155965-1-wangqing7171@gmail.com
Reviewed-by: Harry Yoo <harry.yoo@oracle.com>
Reviewed-by: Hao Li <hao.li@linux.dev>
Signed-off-by: Vlastimil Babka (SUSE) <vbabka@kernel.org>
if (s->flags & SLAB_KMALLOC)
mark_obj_codetag_empty(sheaf);
+ VM_WARN_ON_ONCE(sheaf->size > 0);
kfree(sheaf);
stat(s, SHEAF_FREE);
return 0;
}
+static void sheaf_flush_unused(struct kmem_cache *s, struct slab_sheaf *sheaf);
static struct slab_sheaf *alloc_full_sheaf(struct kmem_cache *s, gfp_t gfp)
{
return NULL;
if (refill_sheaf(s, sheaf, gfp | __GFP_NOMEMALLOC | __GFP_NOWARN)) {
+ sheaf_flush_unused(s, sheaf);
free_empty_sheaf(s, sheaf);
return NULL;
}
* we must be very low on memory so don't bother
* with the barn
*/
+ sheaf_flush_unused(s, empty);
free_empty_sheaf(s, empty);
}
} else {
projects / thirdparty / kernel / linux.git / commitdiff
