Re: [PATCH] slab: fix memory leak when refill_sheaf() fails

[Vlastimil Babka <vbabka@kernel.org>]

On 3/11/26 17:30, Hao Li wrote:
>> 
>> I also want to bring up another point here, although it may be outside the
>> scope of the current fix.
>> 
>> When I looked into the refill_sheaf() path, I found a refill failure does not
>> guarantee that the sheaf remains intact: refill_sheaf() can partially fill the
>> sheaf before failing. This non-intact behavior propagates to its caller,
>> __prefill_sheaf_pfmemalloc(), which therefore also cannot assume that the sheaf
>> is still intact after a refill failure.
>> 
>> However, the comment for kmem_cache_refill_sheaf() says that "if the refill
>> fails (returning -ENOMEM), the existing sheaf is left intact." That means the
>> behavior of __prefill_sheaf_pfmemalloc() - where the sheaf may be left
>> partially filled on refill failure - contradicts the API contract of
>> kmem_cache_refill_sheaf().
>> 
>> Maybe we can add rollback logic to __prefill_sheaf_pfmemalloc() so that it
>> provides intact semantics, preventing the non-intact behavior of refill_sheaf()
>> from propagating up to kmem_cache_refill_sheaf().
> 
> Looking at this a bit more, after checking the current callers, it seems that
> the existing callers of kmem_cache_refill_sheaf() are not relying on the sheaf
> remaining intact on refill failure.
> 
> If so, then another possible option might be to update the comment for
> kmem_cache_refill_sheaf() to match the current behavior, rather than adding
> rollback logic.

I agree with this option. Having possibly more objects than before the call
shouldn't be an issue for the callers.

> So it may just come down to whether we want to preserve the documented
> semantics in the implementation, or adjust the comment to reflect what the code
> already does.
> 
> I may be missing some intended dependency here, though.
>