From: Linus Torvalds Date: Thu, 8 Aug 2013 16:06:37 +0000 (-0700) Subject: Revert "slub: do not put a slab to cpu partial list when cpu_partial is 0" X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=370905069ce6515f38d5de0a5b1c899cbe58fe22;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git Revert "slub: do not put a slab to cpu partial list when cpu_partial is 0" This reverts commit 318df36e57c0ca9f2146660d41ff28e8650af423. This commit caused Steven Rostedt's hackbench runs to run out of memory due to a leak. As noted by Joonsoo Kim, it is buggy in the following scenario: "I guess, you may set 0 to all kmem caches's cpu_partial via sysfs, doesn't it? In this case, memory leak is possible in following case. Code flow of possible leak is follwing case. * in __slab_free() 1. (!new.inuse || !prior) && !was_frozen 2. !kmem_cache_debug && !prior 3. new.frozen = 1 4. after cmpxchg_double_slab, run the (!n) case with new.frozen=1 5. with this patch, put_cpu_partial() doesn't do anything, because this cache's cpu_partial is 0 6. return In step 5, leak occur" And Steven does indeed have cpu_partial set to 0 due to RT testing. Joonsoo is cooking up a patch, but everybody agrees that reverting this for now is the right thing to do. Reported-and-bisected-by: Steven Rostedt Acked-by: Joonsoo Kim Acked-by: Pekka Enberg Signed-off-by: Linus Torvalds --- diff --git a/mm/slub.c b/mm/slub.c index 2b02d666bf63..e3ba1f2cf60c 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1968,9 +1968,6 @@ static void put_cpu_partial(struct kmem_cache *s, struct page *page, int drain) int pages; int pobjects; - if (!s->cpu_partial) - return; - do { pages = 0; pobjects = 0;