| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Feb 2017 10:42:37 -0800 (PST)
From: Hugh Dickins <hughd@...gle.com>
To: "Huang, Ying" <ying.huang@...el.com>
cc: Hugh Dickins <hughd@...gle.com>,
Tim Chen <tim.c.chen@...ux.intel.com>,
Minchan Kim <minchan@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
linux-kernel@...r.kernel.org, linux-mm@...ck.org
Subject: Re: swap_cluster_info lockdep splat
On Fri, 17 Feb 2017, Huang, Ying wrote:
>
> I found a memory leak in __read_swap_cache_async() introduced by mm-swap
> series, and confirmed it via testing. Could you verify whether it fixed
> your cases? Thanks a lot for reporting.
Well caught! That indeed fixes the leak I've been seeing: my load has
now passed the 7 hour danger mark, with no indication of slowing down.
I'll keep it running until I need to try something else on that machine,
but all good for now.
You could add
Tested-by: Hugh Dickins <hughd@...gle.com>
but don't bother: I'm sure Andrew will simply fold this fix into the
fixed patch later on.
Thanks,
Hugh
>
> Best Regards,
> Huang, Ying
>
> ------------------------------------------------------------------------->
> From 4b96423796ab7435104eb2cb4dcf5d525b9e0800 Mon Sep 17 00:00:00 2001
> From: Huang Ying <ying.huang@...el.com>
> Date: Fri, 17 Feb 2017 10:31:37 +0800
> Subject: [PATCH] mm, swap: Fix memory leak in __read_swap_cache_async()
>
> The memory may be leaked in __read_swap_cache_async(). For the cases
> as below,
>
> CPU 0 CPU 1
> ----- -----
>
> find_get_page() == NULL
> __swp_swapcount() != 0
> new_page = alloc_page_vma()
> radix_tree_maybe_preload()
> swap in swap slot
> swapcache_prepare() == -EEXIST
> cond_resched()
> reclaim the swap slot
> find_get_page() == NULL
> __swp_swapcount() == 0
> return NULL <- new_page leaked here !!!
>
> The memory leak has been confirmed via checking the value of new_page
> when returning inside the loop in __read_swap_cache_async().
>
> This is fixed via replacing return with break inside of loop in
> __read_swap_cache_async(), so that there is opportunity for the
> new_page to be checked and freed.
>
> Reported-by: Hugh Dickins <hughd@...gle.com>
> Cc: Tim Chen <tim.c.chen@...ux.intel.com>
> Signed-off-by: "Huang, Ying" <ying.huang@...el.com>
> ---
> mm/swap_state.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/swap_state.c b/mm/swap_state.c
> index 2126e9ba23b2..473b71e052a8 100644
> --- a/mm/swap_state.c
> +++ b/mm/swap_state.c
> @@ -333,7 +333,7 @@ struct page *__read_swap_cache_async(swp_entry_t entry, gfp_t gfp_mask,
> * else swap_off will be aborted if we return NULL.
> */
> if (!__swp_swapcount(entry) && swap_slot_cache_enabled)
> - return NULL;
> + break;
>
> /*
> * Get a new page to read into from swap.
> --
> 2.11.0
>
>
Powered by blists - more mailing lists