On Wed, 4 Apr 2018 08:51:51 +0800 Xidong Wang <wangxidong_97@xxxxxxx> wrote:

> In function z3fold_create_pool(), the memory allocated by
> __alloc_percpu() is not released on the error path that pool->compact_wq
> , which holds the return value of create_singlethread_workqueue(), is NULL.
> This will result in a memory leak bug.
>
> ...
>
> --- a/mm/z3fold.c
> +++ b/mm/z3fold.c
> @@ -490,6 +490,7 @@ static struct z3fold_pool *z3fold_create_pool(const char *name, gfp_t gfp,
> out_wq:
> destroy_workqueue(pool->compact_wq);
> out:
> + free_percpu(pool->unbuddied);
> kfree(pool);
> return NULL;
> }

That isn't right. If the initial kzallc fails we'll goto out with pool==NULL.

Please check:

--- a/mm/z3fold.c~z3fold-fix-memory-leak-fix
+++ a/mm/z3fold.c
@@ -479,7 +479,7 @@ static struct z3fold_pool *z3fold_create
 pool->name = name;
 pool->compact_wq = create_singlethread_workqueue(pool->name);
 if (!pool->compact_wq)
- goto out;
+ goto out_unbuddied;
 pool->release_wq = create_singlethread_workqueue(pool->name);
 if (!pool->release_wq)
 goto out_wq;
@@ -489,9 +489,10 @@ static struct z3fold_pool *z3fold_create
 out_wq:
 destroy_workqueue(pool->compact_wq);
-out:
+out_unbuddied:
 free_percpu(pool->unbuddied);
 kfree(pool);
+out:
 return NULL;
 }
_
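Review bot: The `out_unbuddied:` path in the second hunk frees `pool->unbuddied`, but neither hunk shows the `__alloc_percpu()` call that fills it or any check of its result, so it is worth confirming that a failed per-CPU allocation leaves the function before the pointer is used. If that check is missing, `if (!pool->unbuddied) goto out_pool;` with an `out_pool:` label placed directly above `kfree(pool);` would extend the same unwind ladder (the label name is a suggestion). Separately, with `out:` now reduced to `return NULL;`, the allocation-failure site the mail refers to could return NULL directly and the label could go. The start of z3fold_create_pool(), including both allocations, lies outside the hunks.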