This is a note to let you know that I've just added the patch titled

    ring-buffer: Fix memory leak of free page

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
    ring-buffer-fix-memory-leak-of-free-page.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.

From 17d801758157bec93f26faaf5ff1a8b9a552d67a Mon Sep 17 00:00:00 2001
From: "Steven Rostedt (Google)" <rostedt@xxxxxxxxxxx>
Date: Sun, 10 Dec 2023 22:12:50 -0500
Subject: ring-buffer: Fix memory leak of free page

From: Steven Rostedt (Google) <rostedt@xxxxxxxxxxx>

commit 17d801758157bec93f26faaf5ff1a8b9a552d67a upstream.

Reading the ring buffer does a swap of a sub-buffer within the ring buffer
with an empty sub-buffer. This allows the reader to have full access to the
content of the sub-buffer that was swapped out without having to worry
about contention with the writer.

The readers call ring_buffer_alloc_read_page() to allocate a page that will
be used to swap with the ring buffer. When the code is finished with the
reader page, it calls ring_buffer_free_read_page(). Instead of freeing the
page, it stores it as a spare. Then the next call to
ring_buffer_alloc_read_page() will return this spare instead of calling
into the memory management system to allocate a new page.

Unfortunately, on freeing of the ring buffer, this spare page is not freed,
and causes a memory leak.

Link: https://lore.kernel.org/linux-trace-kernel/20231210221250.7b9cc83c@xxxxxxxxxxxxxxxxxxxx

Cc: stable@xxxxxxxxxxxxxxx
Cc: Mark Rutland <mark.rutland@xxxxxxx>
Cc: Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx>
Fixes: 73a757e63114d ("ring-buffer: Return reader page back into existing ring buffer")
Acked-by: Masami Hiramatsu (Google) <mhiramat@xxxxxxxxxx>
Signed-off-by: Steven Rostedt (Google) <rostedt@xxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- kernel/trace/ring_buffer.c | 2 ++ 1 file changed, 2 insertions(+) --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1787,6 +1787,8 @@ static void rb_free_cpu_buffer(struct ri free_buffer_page(bpage); } + free_page((unsigned long)cpu_buffer->free_page); + kfree(cpu_buffer); } Patches currently in stable-queue which might be from rostedt@xxxxxxxxxxx are queue-6.6/ring-buffer-do-not-update-before-stamp-when-switching-sub-buffers.patch queue-6.6/ring-buffer-have-saved-event-hold-the-entire-event.patch queue-6.6/eventfs-do-not-allow-null-parent-to-eventfs_start_cr.patch queue-6.6/ring-buffer-have-rb_time_cmpxchg-set-the-msb-counter-too.patch queue-6.6/ring-buffer-do-not-try-to-put-back-write_stamp.patch queue-6.6/ring-buffer-fix-memory-leak-of-free-page.patch queue-6.6/ring-buffer-fix-a-race-in-rb_time_cmpxchg-for-32-bit-archs.patch queue-6.6/tracing-update-snapshot-buffer-on-resize-if-it-is-allocated.patch queue-6.6/ring-buffer-fix-writing-to-the-buffer-with-max_data_size.patch
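
Review bot: the added free_page((unsigned long)cpu_buffer->free_page) call in rb_free_cpu_buffer() carries no comment saying which page this is, and nothing else in the hunk identifies it. A one-line comment that this is the spare reader page cached by ring_buffer_free_read_page() would make the teardown order self-explanatory for the next reader. The call is unguarded, which is fine: free_page() ignores a zero address, so a per-CPU buffer that never cached a spare is handled, and because kfree(cpu_buffer) follows immediately the stale pointer left in the field cannot be reused.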