slub: fix a possible memleak in __slab_alloc()
Zhihua Che reported a possible memleak in slub allocator on
CONFIG_PREEMPT=y builds.

It is possible current thread migrates right before disabling irqs in
__slab_alloc(). We must check again c->freelist, and perform a normal
allocation instead of scratching c->freelist.

Many thanks to Zhihua Che for spotting this bug, introduced in 2.6.39

V2: It's also possible an IRQ freed one (or several) object(s) and
populated c->freelist, so it's not a CONFIG_PREEMPT only problem.

Cc: <stable@vger.kernel.org>        [2.6.39+]
Reported-by: Zhihua Che <zhihua.che@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Christoph Lameter <cl@linux.com>
Signed-off-by: Pekka Enberg <penberg@kernel.org>
Eric Dumazet authored and Pekka Enberg committed Dec 13, 2011
1 parent 25f4379 commit 73736e0
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions mm/slub.c
Expand Up @@ -2169,6 +2169,11 @@ static void *__slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
goto new_slab;
}

/* must check again c->freelist in case of cpu migration or IRQ */
object = c->freelist;
if (object)
goto load_freelist;

stat(s, ALLOC_SLOWPATH);

do {
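
Review bot: the new `goto load_freelist` sits above `stat(s, ALLOC_SLOWPATH)`, so an allocation that finds objects on this recheck leaves __slab_alloc() without being counted as a slow-path allocation, even though it did enter the slow path. If that is intended, say so in the comment; otherwise move the recheck below the stat() call. Separately, the recheck reads `c->freelist` through whatever `c` holds at this point, and the comment names cpu migration as one of the two causes, so it would help to state in the comment that `c` already refers to the current CPU's structure here, since nothing in this hunk shows it being re-fetched.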