From: Naoya Horiguchi <n-horiguchi@xxxxxxxxxxxxx>
Subject: mm/memory-failure.c: fix memory leak by race between poison and unpoison
When a memory error happens on an in-use page or (free and in-use)
hugepage, the victim page is isolated with its refcount set to one. When
you try to unpoison it later, unpoison_memory() calls put_page() for it
twice in order to bring the page back to free page pool (buddy or free
hugepage list.) However, if another memory error occurs on the page which
we are unpoisoning, memory_failure() returns without releasing the
refcount which was incremented in the same call at first, which results in
memory leak and unconsistent num_poisoned_pages statistics. This patch
fixes it.
Signed-off-by: Naoya Horiguchi <n-horiguchi@xxxxxxxxxxxxx>
Cc: Andi Kleen <andi@xxxxxxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx> [2.6.32+]
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
mm/memory-failure.c | 2 ++
1 file changed, 2 insertions(+)
diff -puN mm/memory-failure.c~mm-memory-failurec-fix-memory-leak-by-race-between-poison-and-unpoison mm/memory-failure.c
--- a/mm/memory-failure.c~mm-memory-failurec-fix-memory-leak-by-race-between-poison-and-unpoison
+++ a/mm/memory-failure.c
@@ -1153,6 +1153,8 @@ int memory_failure(unsigned long pfn, in
*/
if (!PageHWPoison(p)) {
printk(KERN_ERR "MCE %#lx: just unpoisoned\n", pfn);
+ atomic_long_sub(nr_pages, &num_poisoned_pages);
+ put_page(hpage);
res = 0;
goto out;
}
_
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html