git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Qing Wang <wangqing7171@gmail.com>
	Wed, 11 Mar 2026 09:36:17 +0000 (17:36 +0800)
committer	Vlastimil Babka (SUSE) <vbabka@kernel.org>
	Wed, 11 Mar 2026 16:55:26 +0000 (17:55 +0100)
commit	464b1c115852fe025635ae2065e00caced184d92
tree	292286c18d96dd518c310d96769da6542eb4d4ab	tree \| snapshot
parent	8dafa9f5900c4855a65dbfee51e3bd00636deee1	commit \| diff

slab: fix memory leak when refill_sheaf() fails

When refill_sheaf() partially fills one sheaf (e.g., fills 5 objects
but need to fill 10), it will update sheaf->size and return -ENOMEM.
However, the callers (alloc_full_sheaf() and __pcs_replace_empty_main())
directly call free_empty_sheaf() on failure, which only does kfree(sheaf),
causing the partially allocated objects memory in sheaf->objects[] leaked.

Fix this by calling sheaf_flush_unused() before free_empty_sheaf() to
free objects of sheaf->objects[]. And also add a WARN_ON() in
free_empty_sheaf() to catch any future cases where a non-empty sheaf is
being freed.

Fixes: ed30c4adfc2b ("slab: add optimized sheaf refill from partial list")
Signed-off-by: Qing Wang <wangqing7171@gmail.com>
Link: https://patch.msgid.link/20260311093617.4155965-1-wangqing7171@gmail.com
Reviewed-by: Harry Yoo <harry.yoo@oracle.com>
Reviewed-by: Hao Li <hao.li@linux.dev>
Signed-off-by: Vlastimil Babka (SUSE) <vbabka@kernel.org>