Excerpts from Andrew Morton's message of September 29, 2020 2:46 pm:
> On Tue, 29 Sep 2020 02:17:19 +0100 Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote:
>
>> On Mon, Sep 28, 2020 at 06:03:07PM -0700, Andrew Morton wrote:
>> > On Sat, 26 Sep 2020 22:39:19 +0100 "Matthew Wilcox (Oracle)" <willy@xxxxxxxxxxxxx> wrote:
>> >
>> > > Here is a very rare race which leaks memory:
Great catch! [sorry, a bit behind with emails]
>> >
>> > Not worth a cc:stable?
>>
>> Yes, it probably should have been.
>
> Have you a feeling for how often this occurs?
>
>> I just assume the stablebot will
>> pick up anything that has a Fixes: tag.
>
> We asked them not to do that for mm/ patches. Crazy stuff was getting
> backported.
>
>> > >
>> > > --- a/mm/page_alloc.c
>> > > +++ b/mm/page_alloc.c
>> > > @@ -4947,6 +4947,9 @@ void __free_pages(struct page *page, unsigned int order)
>> > > {
>> > > if (put_page_testzero(page))
>> > > free_the_page(page, order);
>> > > + else if (!PageHead(page))
>> > > + while (order-- > 0)
>> > > + free_the_page(page + (1 << order), order);
>> >
>> > Well that's weird and scary looking. `page' has non-zero refcount yet
>> > we go and free random followon pages. Methinks it merits an
>> > explanatory comment?
>>
>> Well, poot. I lost that comment in the shuffling of patches. In a
>> different tree, I have:
>>
>> @@ -4943,10 +4943,19 @@ static inline void free_the_page(struct page *page, unsi
>> gned int order)
>> __free_pages_ok(page, order);
>> }
>>
>> +/*
>> + * If we free a non-compound allocation, another thread may have a
>
> "non-compound, higher-order", I suggest?
>
>> + * speculative reference to the first page. It has no way of knowing
>> + * about the rest of the allocation, so we have to free all but the
>> + * first page here.
>> + */
>> void __free_pages(struct page *page, unsigned int order)
>> {
>> if (put_page_testzero(page))
>> free_the_page(page, order);
>> + else if (!PageHead(page))
>> + while (order-- > 0)
>> + free_the_page(page + (1 << order), order);
>> }
>> EXPORT_SYMBOL(__free_pages);
>>
>>
>> Although I'm now thinking of making that comment into kernel-doc and
>> turning it into advice to the caller rather than an internal note to
>> other mm developers.
>
> hm. But what action could the caller take? The explanatory comment
> seems OK to me.
The version of this without the comment got merged. I didn't mind the
comment...
Thanks,
Nick
