On 08/03/2012 12:15 AM, Christoph Lameter wrote:
> Do not use kmalloc() but kmem_cache_alloc() for the allocation
> of the kmem_cache structures in slub.
>
> This is the way its supposed to be. Recent merges lost
> the freeing of the kmem_cache structure and so this is also
> fixing memory leak on kmem_cache_destroy() by adding
> the missing free action to sysfs_slab_remove().
Okay. the problems I am seeing are due to to this patch.
> Signed-off-by: Christoph Lameter <cl@xxxxxxxxx>
>
> Index: linux-2.6/mm/slub.c
> ===================================================================
> --- linux-2.6.orig/mm/slub.c 2012-08-01 13:02:18.897656578 -0500
> +++ linux-2.6/mm/slub.c 2012-08-01 13:06:02.673597753 -0500
> @@ -213,7 +213,7 @@
> static inline void sysfs_slab_remove(struct kmem_cache *s)
> {
> kfree(s->name);
> - kfree(s);
> + kmem_cache_free(kmem_cache, s);
> }
>
> #endif
> @@ -3962,7 +3962,7 @@
> if (!n)
> return NULL;
>
> - s = kmalloc(kmem_size, GFP_KERNEL);
> + s = kmem_cache_alloc(kmem_cache, GFP_KERNEL);
> if (s) {
> if (kmem_cache_open(s, n,
> size, align, flags, ctor)) {
> @@ -3979,7 +3979,7 @@
> list_del(&s->list);
> kmem_cache_close(s);
> }
> - kfree(s);
> + kmem_cache_free(kmem_cache, s);
> }
> kfree(n);
> return NULL;
> @@ -5217,7 +5217,7 @@
> struct kmem_cache *s = to_slab(kobj);
>
> kfree(s->name);
> - kfree(s);
> + kmem_cache_free(kmem_cache, s);
> }
>
> static const struct sysfs_ops slab_sysfs_ops = {
> @@ -5342,6 +5342,8 @@
> kobject_uevent(&s->kobj, KOBJ_REMOVE);
> kobject_del(&s->kobj);
> kobject_put(&s->kobj);
> + kfree(s->name);
> + kmem_cache_free(kmem_cache, s);
> }
>
> /*
>
When a non-alias cache is freed, both sysfs_slab_remove and kmem_cache_release are called. You are freeing structures on both, so you have two double frees. slab_sysfs_remove() is the correct place for it, so you need to remove them from kmem_cache_release(), which becomes an empty function. Please consider replacing your patch with the attached. Replacing your patch by this one makes my test case work after the series is applied.
Index: linux-slab/mm/slub.c
===================================================================
--- linux-slab.orig/mm/slub.c
+++ linux-slab/mm/slub.c
@@ -211,7 +211,7 @@ static inline int sysfs_slab_alias(struc
 static inline void sysfs_slab_remove(struct kmem_cache *s)
 {
 kfree(s->name);
- kfree(s);
+ kmem_cache_free(kmem_cache, s);
 }

 #endif
@@ -3938,7 +3938,7 @@ struct kmem_cache *__kmem_cache_create(c
 if (!n)
 return NULL;

- s = kmalloc(kmem_size, GFP_KERNEL);
+ s = kmem_cache_alloc(kmem_cache, GFP_KERNEL);
 if (s) {
 if (kmem_cache_open(s, n,
 size, align, flags, ctor)) {
@@ -3955,7 +3955,7 @@ struct kmem_cache *__kmem_cache_create(c
 list_del(&s->list);
 kmem_cache_close(s);
 }
- kfree(s);
+ kmem_cache_free(kmem_cache, s);
 }
 kfree(n);
 return NULL;
@@ -5188,14 +5188,6 @@ static ssize_t slab_attr_store(struct ko
 return err;
 }

-static void kmem_cache_release(struct kobject *kobj)
-{
- struct kmem_cache *s = to_slab(kobj);
-
- kfree(s->name);
- kfree(s);
-}
-
 static const struct sysfs_ops slab_sysfs_ops = {
 .show = slab_attr_show,
 .store = slab_attr_store,
@@ -5203,7 +5195,6 @@ static const struct sysfs_ops slab_sysfs

 static struct kobj_type slab_ktype = {
 .sysfs_ops = &slab_sysfs_ops,
- .release = kmem_cache_release
 };

 static int uevent_filter(struct kset *kset, struct kobject *kobj)
@@ -5318,6 +5309,8 @@ static void sysfs_slab_remove(struct kme
 kobject_uevent(&s->kobj, KOBJ_REMOVE);
 kobject_del(&s->kobj);
 kobject_put(&s->kobj);
+ kfree(s->name);
+ kmem_cache_free(kmem_cache, s);
 }

 /*
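Review bot: In the last hunk, `kmem_cache_free(kmem_cache, s)` runs unconditionally right after `kobject_put(&s->kobj)`, while the two preceding hunks delete `kmem_cache_release()` and the `.release` entry of `slab_ktype`, so the structure embedding the kobject is freed whether or not that put dropped the final reference. If anything else still holds a reference to the kobject at that moment (for instance an open sysfs attribute file; not visible in this patch), it would go on to touch freed slab memory. A ktype without a release callback also leaves the kobject core with no way to signal when the object is really unused. Keeping the callback and moving the two frees into it, so that sysfs_slab_remove() ends at `kobject_put()`, frees each object once, at the point the refcount reaches zero. sysfs_slab_remove() starts outside the hunk, and whether its callers use `s` after it returns needs checking before adopting this.

```c
static void kmem_cache_release(struct kobject *kobj)
{
	struct kmem_cache *s = to_slab(kobj);

	/* Called by the kobject core once the last reference is gone. */
	kfree(s->name);
	kmem_cache_free(kmem_cache, s);
}

/* … unchanged: slab_sysfs_ops … */

static struct kobj_type slab_ktype = {
	.sysfs_ops = &slab_sysfs_ops,
	.release = kmem_cache_release,
};

/* … unchanged: start of sysfs_slab_remove(), kobject_uevent(), kobject_del() … */
	kobject_put(&s->kobj);	/* s->name and s are freed from the release callback */
}
```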