From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753284AbdLMOrH (ORCPT <rfc822;w@1wt.eu>);
        Wed, 13 Dec 2017 09:47:07 -0500
Received: from mx1.redhat.com ([209.132.183.28]:35396 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1753194AbdLMOrC (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 13 Dec 2017 09:47:02 -0500
Date: Wed, 13 Dec 2017 15:46:54 +0100
From: Jesper Dangaard Brouer <brouer@redhat.com>
To: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: linux-rt-users@vger.kernel.org, linux-kernel@vger.kernel.org,
        tglx@linutronix.de, Peter Zijlstra <peterz@infradead.org>,
        Steven Rostedt <rostedt@goodmis.org>,
        Vladimir Davydov <vdavydov@virtuozzo.com>, linux-mm@kvack.org,
        brouer@redhat.com, Rao Shoaib <rao.shoaib@oracle.com>,
        "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Subject: Re: [PATCH RT] mm/slub: close possible memory-leak in
 kmem_cache_alloc_bulk()
Message-ID: <20171213154654.2971ef2a@redhat.com>
In-Reply-To: <20171213140555.s4hzg3igtjfgaueh@linutronix.de>
References: <20171213140555.s4hzg3igtjfgaueh@linutronix.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Wed, 13 Dec 2017 14:47:02 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 13 Dec 2017 15:05:55 +0100
Sebastian Andrzej Siewior <bigeasy@linutronix.de> wrote:

> Under certain circumstances we could leak elements which were moved to
> the local "to_free" list. The damage is limited since I can't find any
> users here.
> 
> Cc: stable-rt@vger.kernel.org
> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
> ---
> Jesper: There are no users of kmem_cache_alloc_bulk() and kfree_bulk().
> Only kmem_cache_free_bulk() is used since it was introduced. Do you
> think that it would make sense to remove those?

I would like to keep them.

Rao Shoaib (Cc'ed) is/was working on a patchset for RCU-bulk-free that
used the kfree_bulk() API.

I plan to use kmem_cache_alloc_bulk() in the bpf-map "cpumap", for bulk
allocating SKBs during dequeue of XDP frames.  (My original bulk alloc
SKBs use-case during NAPI/softirq was never merged).


>  mm/slub.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/mm/slub.c b/mm/slub.c
> index ffd2fa0f415e..9053e929ce9d 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -3240,6 +3240,7 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size,
>  	return i;
>  error:
>  	local_irq_enable();
> +	free_delayed(&to_free);
>  	slab_post_alloc_hook(s, flags, i, p);
>  	__kmem_cache_free_bulk(s, i, p);
>  	return 0;

I've not seen free_delayed() before... and my cscope cannot find it...

-- 
Best regards,
  Jesper Dangaard Brouer
  MSc.CS, Principal Kernel Engineer at Red Hat
  LinkedIn: http://www.linkedin.com/in/brouer