Message ID | 20220709092629.54291-1-linmiaohe@huawei.com (mailing list archive) |
---|---|
State | New |
Series | hugetlb: fix memoryleak in hugetlb_mcopy_atomic_pte |
On Sat, Jul 09, 2022 at 05:26:29PM +0800, Miaohe Lin wrote:
> When alloc_huge_page fails, *pagep is set to NULL without put_page first.
> So the hugepage indicated by *pagep is leaked.
>
> Fixes: 8cc5fcbb5be8 ("mm, hugetlb: fix racy resv_huge_pages underflow on UFFDIO_COPY")
> Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>

Acked-by: Muchun Song <songmuchun@bytedance.com>

Thanks.

On 07/09/22 17:26, Miaohe Lin wrote:
> When alloc_huge_page fails, *pagep is set to NULL without put_page first.
> So the hugepage indicated by *pagep is leaked.
>
> Fixes: 8cc5fcbb5be8 ("mm, hugetlb: fix racy resv_huge_pages underflow on UFFDIO_COPY")
> Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
> ---
> mm/hugetlb.c | 1 +
> 1 file changed, 1 insertion(+)

Thanks for finding and fixing!

Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>

On 7/9/2022 5:26 PM, Miaohe Lin wrote: > When alloc_huge_page fails, *pagep is set to NULL without put_page first. > So the hugepage indicated by *pagep is leaked. > > Fixes: 8cc5fcbb5be8 ("mm, hugetlb: fix racy resv_huge_pages underflow on UFFDIO_COPY") > Signed-off-by: Miaohe Lin <linmiaohe@huawei.com> Reviewed-by: Baolin Wang <baolin.wang@linux.alibaba.com> > --- > mm/hugetlb.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/mm/hugetlb.c b/mm/hugetlb.c > index 06c2d86b1ba3..598c37279fee 100644 > --- a/mm/hugetlb.c > +++ b/mm/hugetlb.c > @@ -5962,6 +5962,7 @@ int hugetlb_mcopy_atomic_pte(struct mm_struct *dst_mm, > > page = alloc_huge_page(dst_vma, dst_addr, 0); > if (IS_ERR(page)) { > + put_page(*pagep); > ret = -ENOMEM; > *pagep = NULL; > goto out;
On 7/9/22 14:56, Miaohe Lin wrote: > When alloc_huge_page fails, *pagep is set to NULL without put_page first. > So the hugepage indicated by *pagep is leaked. > > Fixes: 8cc5fcbb5be8 ("mm, hugetlb: fix racy resv_huge_pages underflow on UFFDIO_COPY") > Signed-off-by: Miaohe Lin <linmiaohe@huawei.com> Reviewed-by: Anshuman Khandual <anshuman.khandual@arm.com> > --- > mm/hugetlb.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/mm/hugetlb.c b/mm/hugetlb.c > index 06c2d86b1ba3..598c37279fee 100644 > --- a/mm/hugetlb.c > +++ b/mm/hugetlb.c > @@ -5962,6 +5962,7 @@ int hugetlb_mcopy_atomic_pte(struct mm_struct *dst_mm, > > page = alloc_huge_page(dst_vma, dst_addr, 0); > if (IS_ERR(page)) { > + put_page(*pagep); > ret = -ENOMEM; > *pagep = NULL; > goto out;
diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 06c2d86b1ba3..598c37279fee 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -5962,6 +5962,7 @@ int hugetlb_mcopy_atomic_pte(struct mm_struct *dst_mm, page = alloc_huge_page(dst_vma, dst_addr, 0); if (IS_ERR(page)) { + put_page(*pagep); ret = -ENOMEM; *pagep = NULL; goto out;
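Review bot: the added put_page(*pagep) in the IS_ERR(page) branch is called unconditionally, and the visible context does not show what guarantees *pagep is non-NULL at this point; put_page() on a NULL page would fault, so it is worth confirming that this path is only entered with a page already stored in *pagep. A one-line comment above the call, saying that *pagep still holds a reference that must be dropped before the pointer is cleared, would keep the put_page(*pagep) and *pagep = NULL pair from being separated by a later edit.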
When alloc_huge_page fails, *pagep is set to NULL without put_page first.
So the hugepage indicated by *pagep is leaked.

Fixes: 8cc5fcbb5be8 ("mm, hugetlb: fix racy resv_huge_pages underflow on UFFDIO_COPY")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
---
mm/hugetlb.c | 1 +
1 file changed, 1 insertion(+)