Re: [PATCH 4/5] mempolicy: fix refcount leak in mpol_set_shared_policy()

From: Mel Gorman
Date: Tue Aug 21 2012 - 03:21:34 EST


On Mon, Aug 20, 2012 at 07:46:09PM +0000, Christoph Lameter wrote:
> On Mon, 20 Aug 2012, Mel Gorman wrote:
>
> > @@ -2318,9 +2323,7 @@ void mpol_free_shared_policy(struct shared_policy *p)
> > while (next) {
> > n = rb_entry(next, struct sp_node, nd);
> > next = rb_next(&n->nd);
> > - rb_erase(&n->nd, &p->root);
>
> Looks like we need to keep the above line? sp_delete does not remove the
> tree entry.
>
> > - mpol_put(n->policy);
> > - kmem_cache_free(sn_cache, n);
> > + sp_delete(p, n);
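
Review bot: the removed rb_erase(&n->nd, &p->root) in the while loop has no replacement visible in this hunk, so the change reads as dropping the unlink from the tree. The commit message should state that sp_delete() performs the rb_erase() on the same root before calling sp_free(), so the reader does not have to look up the helper to confirm the entry is still removed. The next = rb_next(&n->nd) assignment must also stay ahead of sp_delete(p, n), as it does here, because n is no longer valid once the call returns.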

Yes it does, could you have accidentally mixed up sp_free (which does not
remove the tree entry) and sp_delete (which does)? The altered code ends
up looking like this;

static void sp_delete(struct shared_policy *sp, struct sp_node *n)
{
	pr_debug("deleting %lx-l%lx\n", n->start, n->end);
	rb_erase(&n->nd, &sp->root);	/* <----- frees node here */
	sp_free(n);
}

void mpol_free_shared_policy(struct shared_policy *p)
{
	struct sp_node *n;
	struct rb_node *next;

	if (!p->root.rb_node)
		return;
	mutex_lock(&p->mutex);
	next = rb_first(&p->root);
	while (next) {
		n = rb_entry(next, struct sp_node, nd);
		next = rb_next(&n->nd);
		sp_delete(p, n);	/* <---- equivalent to rb_erase(&n->nd, &p->root); sp_free(n); */
	}
	mutex_unlock(&p->mutex);
}

Thanks Christoph for looking at this.

--
Mel Gorman
SUSE Labs