On Tue 22-03-22 09:50:35, Miaohe Lin wrote:
> On 2022/3/21 20:12, Michal Hocko wrote:
> > On Tue 22-03-22 16:34:56, Miaohe Lin wrote:
> >> If mpol_new is allocated but not used in restart loop, mpol_new will be
> >> freed via mpol_put before returning to the caller. But refcnt is not
> >> initialized yet, so mpol_put could not do the right things and might leak
> >> the unused mpol_new.
> >
> > I would just add:
> >
> > This would happen if mempolicy was updated on the shared shmem file
> > while the sp->lock has been dropped during the memory allocation.
> >
>
> Do you mean the below commit log?
>
> """
> If mpol_new is allocated but not used in restart loop, mpol_new will be
> freed via mpol_put before returning to the caller. But refcnt is not
> initialized yet, so mpol_put could not do the right things and might leak
> the unused mpol_new. This would happen if mempolicy was updated on the
> shared shmem file while the sp->lock has been dropped during the memory
> allocation.
>
> This issue could be triggered easily with the below code snippet if
> there're many processes doing the below work at the same time:
>
> shmid = shmget((key_t)5566, 1024 * PAGE_SIZE, 0666|IPC_CREAT);
> shm = shmat(shmid, 0, 0);
> loop many times {
> mbind(shm, 1024 * PAGE_SIZE, MPOL_LOCAL, mask, maxnode, 0);
> mbind(shm + 128 * PAGE_SIZE, 128 * PAGE_SIZE, MPOL_DEFAULT, mask,
> maxnode, 0);
> }
> """
Yes, LGTM.
Thanks!
--
Michal Hocko
SUSE Labs
