lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260204033553.50039-1-ahacigu.linux@gmail.com>
Date: Tue,  3 Feb 2026 19:35:53 -0800
From: Altan Hacigumus <ahacigu.linux@...il.com>
To: akpm@...ux-foundation.org,
	david@...morbit.com
Cc: ahacigu.linux@...il.com,
	zhengqi.arch@...edance.com,
	roman.gushchin@...ux.dev,
	muchun.song@...ux.dev,
	linux-mm@...ck.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH v2] mm/shrinker: Fix refcount leak in shrink_slab_memcg()

When kmem is disabled for memcg, slab-backed shrinkers are skipped.
However, shrink_slab_memcg() doesn't drop the reference acquired via
shrinker_try_get() before continuing.

Add the missing shrinker_put().

Also, since memcg_kmem_online() and shrinker flags cannot change
dynamically, remove the shrinker from the bitmap to avoid unnecessary
future scans.

Fixes: 50d09da8e119 ("mm: shrinker: make memcg slab shrink lockless")
Suggested-by: Qi Zheng <zhengqi.arch@...edance.com>
Acked-by: Qi Zheng <zhengqi.arch@...edance.com>
Link: https://lore.kernel.org/r/20260203073757.135088-1-ahacigu.linux@gmail.com
Signed-off-by: Altan Hacigumus <ahacigu.linux@...il.com>
---
Changes in v2:
- Use clear_bit() to remove shrinker from bitmap instead of just skipping
---
 mm/shrinker.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/mm/shrinker.c b/mm/shrinker.c
index 4a93fd433689..68dc7b4242f2 100644
--- a/mm/shrinker.c
+++ b/mm/shrinker.c
@@ -544,8 +544,11 @@ static unsigned long shrink_slab_memcg(gfp_t gfp_mask, int nid,
 
 			/* Call non-slab shrinkers even though kmem is disabled */
 			if (!memcg_kmem_online() &&
-			    !(shrinker->flags & SHRINKER_NONSLAB))
+			    !(shrinker->flags & SHRINKER_NONSLAB)) {
+				clear_bit(offset, unit->map);
+				shrinker_put(shrinker);
 				continue;
+			}
 
 			ret = do_shrink_slab(&sc, shrinker, priority);
 			if (ret == SHRINK_EMPTY) {
-- 
2.43.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ