On Thu, 27 Feb 2003, Martin Schwidefsky wrote:
> while debugging a memory leak with task structures on s390
> I found something related to it. If copy_process fails for some
> reason the task structure created with dup_task_struct has set
> p->usage to 2 but only one put_task_struct is done in the error
> cleanup code. The attached patch should take care of it.

This actually looks wrong, it ends up doing free_user() twice because a
final put_task_struct() does that too these days.

Does this alternate patch work for you instead?

		Linus
----
===== kernel/fork.c 1.110 vs edited =====
--- 1.110/kernel/fork.c Tue Feb 25 02:50:01 2003
+++ edited/kernel/fork.c Thu Feb 27 22:56:36 2003
@@ -72,15 +72,8 @@
return total;
}
-void __put_task_struct(struct task_struct *tsk)
+static void free_task_struct(struct task_struct *tsk)
{
- WARN_ON(!(tsk->state & (TASK_DEAD | TASK_ZOMBIE)));
- WARN_ON(atomic_read(&tsk->usage));
- WARN_ON(tsk == current);
-
- security_task_free(tsk);
- free_uid(tsk->user);
-
/*
* The task cache is effectively disabled right now.
* Do we want it? The slab cache already has per-cpu
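Review bot: the new static free_task_struct() at the top of this hunk has no statement of its contract, although it no longer carries the three WARN_ON checks, security_task_free() or free_uid(). A short comment above it saying that it releases only the task structure itself, does not look at tsk->usage, and expects the caller to have already dropped the security and user references would keep a later caller from treating it as a general-purpose free.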
@@ -103,6 +96,17 @@
}
}
+void __put_task_struct(struct task_struct *tsk)
+{
+ WARN_ON(!(tsk->state & (TASK_DEAD | TASK_ZOMBIE)));
+ WARN_ON(atomic_read(&tsk->usage));
+ WARN_ON(tsk == current);
+
+ security_task_free(tsk);
+ free_uid(tsk->user);
+ free_task_struct(tsk);
+}
+
void add_wait_queue(wait_queue_head_t *q, wait_queue_t * wait)
{
unsigned long flags;
@@ -1034,7 +1038,7 @@
atomic_dec(&p->user->processes);
free_uid(p->user);
bad_fork_free:
- put_task_struct(p);
+ free_task_struct(p);
goto fork_out;
}
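Review bot: free_task_struct(p) at bad_fork_free releases p without checking p->usage, which the report quoted above says dup_task_struct sets to 2, and without the security_task_free() that __put_task_struct() performs. Please confirm that nothing reachable during a failed copy_process can still hold a reference to p when this runs, and that every jump to this label taken after the security hook has allocated state first passes through a label that calls security_task_free(); the visible context only shows free_uid(p->user) being undone above the label. A one-line comment at the label recording that the task was never made visible to anyone else would document the assumption that makes the unconditional free safe.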