On Tue, Feb 7, 2017 at 6:07 AM, Sean Rees <sean@xxxxxxxxxx> wrote: > Bailout early from init_cache_random_seq if s->random_seq is already > initialised. This prevents destroying the previously computed random_seq > offsets later in the function. > > If the offsets are destroyed, then shuffle_freelist will truncate > page->freelist to just the first object (orphaning the rest). > > This fixes https://bugzilla.kernel.org/show_bug.cgi?id=177551. > > Signed-off-by: Sean Rees <sean@xxxxxxxxxx> Please add: Fixes: 210e7a43fa90 ("mm: SLUB freelist randomization") > --- > mm/slub.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/mm/slub.c b/mm/slub.c > index 7aa6f43..7ec0a96 100644 > --- a/mm/slub.c > +++ b/mm/slub.c > @@ -1422,6 +1422,10 @@ static int init_cache_random_seq(struct kmem_cache *s) > int err; > unsigned long i, count = oo_objects(s->oo); > > + /* Bailout if already initialised */ > + if (s->random_seq) > + return 0; > + > err = cache_random_seq_create(s, count, GFP_KERNEL); > if (err) { > pr_err("SLUB: Unable to initialize free list for %s\n", > -- > 2.9.3 > Otherwise, looks good to me. Reviewed-by: Thomas Garnier <thgarnie@xxxxxxxxxx> -- Thomas -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>
