On Tue, 29 Sep 2020 02:17:19 +0100 Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote:
> On Mon, Sep 28, 2020 at 06:03:07PM -0700, Andrew Morton wrote:
> > On Sat, 26 Sep 2020 22:39:19 +0100 "Matthew Wilcox (Oracle)" <willy@xxxxxxxxxxxxx> wrote:
> >
> > > Here is a very rare race which leaks memory:
> >
> > Not worth a cc:stable?
>
> Yes, it probably should have been.
Have you a feeling for how often this occurs?
> I just assume the stablebot will
> pick up anything that has a Fixes: tag.
We asked them not to do that for mm/ patches. Crazy stuff was getting
backported.
> > >
> > > --- a/mm/page_alloc.c
> > > +++ b/mm/page_alloc.c
> > > @@ -4947,6 +4947,9 @@ void __free_pages(struct page *page, unsigned int order)
> > > {
> > > if (put_page_testzero(page))
> > > free_the_page(page, order);
> > > + else if (!PageHead(page))
> > > + while (order-- > 0)
> > > + free_the_page(page + (1 << order), order);
> >
> > Well that's weird and scary looking. `page' has non-zero refcount yet
> > we go and free random followon pages. Methinks it merits an
> > explanatory comment?
>
> Well, poot. I lost that comment in the shuffling of patches. In a
> different tree, I have:
>
> @@ -4943,10 +4943,19 @@ static inline void free_the_page(struct page *page, unsi
> gned int order)
> __free_pages_ok(page, order);
> }
>
> +/*
> + * If we free a non-compound allocation, another thread may have a
"non-compound, higher-order", I suggest?
> + * speculative reference to the first page. It has no way of knowing
> + * about the rest of the allocation, so we have to free all but the
> + * first page here.
> + */
> void __free_pages(struct page *page, unsigned int order)
> {
> if (put_page_testzero(page))
> free_the_page(page, order);
> + else if (!PageHead(page))
> + while (order-- > 0)
> + free_the_page(page + (1 << order), order);
> }
> EXPORT_SYMBOL(__free_pages);
>
>
> Although I'm now thinking of making that comment into kernel-doc and
> turning it into advice to the caller rather than an internal note to
> other mm developers.
hm. But what action could the caller take? The explanatory comment
seems OK to me.
