On Wed,  4 Apr 2018 08:51:51 +0800 Xidong Wang <[email protected]> wrote:

> In function z3fold_create_pool(), the memory allocated by
> __alloc_percpu() is not released on the error path that pool->compact_wq,
> which holds the return value of create_singlethread_workqueue(), is NULL.
> This will result in a memory leak bug.
>
> ...
>
> --- a/mm/z3fold.c
> +++ b/mm/z3fold.c
> @@ -490,6 +490,7 @@ static struct z3fold_pool *z3fold_create_pool(const char 
> *name, gfp_t gfp,
>  out_wq:
>       destroy_workqueue(pool->compact_wq);
>  out:
> +     free_percpu(pool->unbuddied);
>       kfree(pool);
>       return NULL;
>  }
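
Review bot: the added free_percpu(pool->unbuddied) sits under the shared out: label, so it runs for every goto out, not only for the compact_wq failure the commit message describes. Any jump to out taken before pool is valid would dereference pool on this line. A separate label placed above out: for the paths where pool->unbuddied has already been allocated would keep out: safe for the paths that have nothing to free.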

That isn't right.  If the initial kzalloc fails we'll goto out with
pool==NULL.

Please check:

--- a/mm/z3fold.c~z3fold-fix-memory-leak-fix
+++ a/mm/z3fold.c
@@ -479,7 +479,7 @@ static struct z3fold_pool *z3fold_create
        pool->name = name;
        pool->compact_wq = create_singlethread_workqueue(pool->name);
        if (!pool->compact_wq)
-               goto out;
+               goto out_unbuddied;
        pool->release_wq = create_singlethread_workqueue(pool->name);
        if (!pool->release_wq)
                goto out_wq;
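
Review bot: only the compact_wq failure is retargeted to out_unbuddied here, so the other goto out sites earlier in the function, which this hunk does not show, still need checking. Any of them that can be reached after pool->unbuddied has been allocated would continue to leak the per-cpu memory and should jump to out_unbuddied as well.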
@@ -489,9 +489,10 @@ static struct z3fold_pool *z3fold_create
 
 out_wq:
        destroy_workqueue(pool->compact_wq);
-out:
+out_unbuddied:
        free_percpu(pool->unbuddied);
        kfree(pool);
+out:
        return NULL;
 }
 
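
Review bot: after the label swap, out: returns NULL without kfree(pool), which is correct only while every remaining goto out is taken with pool == NULL. A short comment on out: stating that invariant would help, and if a failure check for __alloc_percpu() is ever added it will need its own label between out_unbuddied and out that does kfree(pool) alone, since neither existing label fits that state.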
_
