From: Mel Gorman <mgorman@suse.de>
To: Christoph Lameter <cl@linux.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>,
	Dave Jones <davej@redhat.com>,
	Ben Hutchings <ben@decadent.org.uk>,
	Andi Kleen <ak@linux.intel.com>, Hugh Dickins <hughd@google.com>,
	LKML <linux-kernel@vger.kernel.org>,
	Linux-MM <linux-mm@kvack.org>
Subject: Re: [PATCH 4/5] mempolicy: fix refcount leak in mpol_set_shared_policy()
Date: Tue, 21 Aug 2012 08:15:32 +0100
Message-ID: <20120821071532.GB1657@suse.de>
In-Reply-To: <00000139459223d7-93a9c53f-6724-4a4b-b675-cd25d8d53c71-000000@email.amazonses.com>

On Mon, Aug 20, 2012 at 07:46:09PM +0000, Christoph Lameter wrote:
> On Mon, 20 Aug 2012, Mel Gorman wrote:
> 
> > @@ -2318,9 +2323,7 @@ void mpol_free_shared_policy(struct shared_policy *p)
> >  	while (next) {
> >  		n = rb_entry(next, struct sp_node, nd);
> >  		next = rb_next(&n->nd);
> > -		rb_erase(&n->nd, &p->root);
> 
> Looks like we need to keep the above line? sp_delete does not remove the
> tree entry.
> 
> > -		mpol_put(n->policy);
> > -		kmem_cache_free(sn_cache, n);
> > +		sp_delete(p, n);
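
Review bot: with `rb_erase(&n->nd, &p->root)` dropped from the loop body, the call site no longer shows that the node is unlinked from the tree before it is freed, and the names sp_delete and sp_free do not say which of the two erases the tree entry. A one-line comment at the sp_delete() call or on its definition, stating that it unlinks and then frees, would prevent that misreading. The existing `next = rb_next(&n->nd);` has to stay ahead of the call, since n must not be touched once sp_delete() returns.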

Yes it does. Could you have accidentally mixed up sp_free (which does not
remove the tree entry) and sp_delete (which does)? The altered code ends
up looking like this:

static void sp_delete(struct shared_policy *sp, struct sp_node *n)
{
        pr_debug("deleting %lx-l%lx\n", n->start, n->end);
        rb_erase(&n->nd, &sp->root);	/* <----- frees node here */
        sp_free(n);
}

void mpol_free_shared_policy(struct shared_policy *p)
{
        struct sp_node *n;
        struct rb_node *next;

        if (!p->root.rb_node)
                return;
        mutex_lock(&p->mutex);
        next = rb_first(&p->root);
        while (next) {
                n = rb_entry(next, struct sp_node, nd);
                next = rb_next(&n->nd);
                sp_delete(p, n);	/* <---- equivalent to rb_erase(&n->nd, &p->root); sp_free(n); */
        }
        mutex_unlock(&p->mutex);
}

Thanks Christoph for looking at this.

-- 
Mel Gorman
SUSE Labs
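
The sp_free/sp_delete split discussed in the message above, as an added userspace sketch (not kernel code and not part of the original mail). It assumes a singly linked list in place of the rb-tree and a plain counter in place of the mempolicy refcount; all `model_*` names are hypothetical.

```c
#include <stdlib.h>

/* Constructed userspace model, not kernel code: list replaces rb-tree. */
struct policy { int refcnt; };
struct node { struct node *next; struct policy *pol; };
struct shared { struct node *head; };

/* Like sp_free: drop the policy reference and free; does NOT unlink. */
static void model_sp_free(struct node *n) { n->pol->refcnt--; free(n); }

/* Like sp_delete: unlink first (the rb_erase step), then free. */
static void model_sp_delete(struct shared *sp, struct node *n)
{
	struct node **pp = &sp->head;

	while (*pp && *pp != n)
		pp = &(*pp)->next;
	if (*pp)
		*pp = n->next;
	model_sp_free(n);
}

/* Teardown as in the mail: read the successor before n is freed. */
static void model_free_shared(struct shared *sp)
{
	struct node *n, *next = sp->head;

	while (next) {
		n = next;
		next = n->next;
		model_sp_delete(sp, n);
	}
}

/* Insert count nodes, tear down; returns leaked references (0 = none). */
int model_leaked_refs(int count)
{
	struct policy pol = { 1 };	/* caller's own reference */
	struct shared sp = { NULL };

	for (int i = 0; i < count; i++) {
		struct node *n = malloc(sizeof(*n));
		if (!n) { model_free_shared(&sp); return -1; }
		pol.refcnt++;		/* each node holds one reference */
		*n = (struct node){ sp.head, &pol };
		sp.head = n;
	}
	model_free_shared(&sp);
	return sp.head ? -1 : pol.refcnt - 1;
}

int main(void) { return model_leaked_refs(3) != 0; }
```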
