From: Naoya Horiguchi <[email protected]> Subject: mm/memory-failure.c: fix memory leak by race between poison and unpoison
When a memory error happens on an in-use page or (free and in-use) hugepage, the victim page is isolated with its refcount set to one. When you try to unpoison it later, unpoison_memory() calls put_page() for it twice in order to bring the page back to free page pool (buddy or free hugepage list.) However, if another memory error occurs on the page which we are unpoisoning, memory_failure() returns without releasing the refcount which was incremented in the same call at first, which results in memory leak and unconsistent num_poisoned_pages statistics. This patch fixes it. Signed-off-by: Naoya Horiguchi <[email protected]> Cc: Andi Kleen <[email protected]> Cc: <[email protected]> [2.6.32+] Signed-off-by: Andrew Morton <[email protected]> --- mm/memory-failure.c | 2 ++ 1 file changed, 2 insertions(+) diff -puN mm/memory-failure.c~mm-memory-failurec-fix-memory-leak-by-race-between-poison-and-unpoison mm/memory-failure.c --- a/mm/memory-failure.c~mm-memory-failurec-fix-memory-leak-by-race-between-poison-and-unpoison +++ a/mm/memory-failure.c @@ -1153,6 +1153,8 @@ int memory_failure(unsigned long pfn, in */ if (!PageHWPoison(p)) { printk(KERN_ERR "MCE %#lx: just unpoisoned\n", pfn); + atomic_long_sub(nr_pages, &num_poisoned_pages); + put_page(hpage); res = 0; goto out; } _ -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
