Re: [PATCH 1/2] mm/memory_hotplug: fix memory block reference leak on remove

From: Muchun Song

Date: Mon Apr 27 2026 - 04:03:54 EST



> On Apr 27, 2026, at 15:49, Oscar Salvador <osalvador@xxxxxxx> wrote:
>
> On Sun, Apr 26, 2026 at 10:44:46PM +0800, Muchun Song wrote:
>> remove_memory_blocks_and_altmaps() looks up each memory block with
>> find_memory_block(), which acquires a reference to the memory block
>> device.
>>
>> That reference is never dropped on this path, resulting in a leaked
>> device reference when removing memory blocks and their altmaps. Drop
>> the reference after retrieving mem->altmap and clearing mem->altmap,
>> before removing the memory block device.
>>
>> Fixes: 6b8f0798b85a ("mm/memory_hotplug: split memmap_on_memory requests across memblocks")
>> Cc: stable@xxxxxxxxxxxxxxx
>> Signed-off-by: Muchun Song <songmuchun@xxxxxxxxxxxxx>
>
> The change looks good but some comments below:
>
> Acked-by: Oscar Salvador <osalvador@xxxxxxx>

Thanks.

>
> The outcome of leaking the reference is that the final call to put_device()
> in device_unregister() leaves the memory block device linked in the
> system under /sys/ ? (besides not deleting the struct I guess)

I think so.

>
>> ---
>> mm/memory_hotplug.c | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c
>> index 2a943ec57c85..4426abb05655 100644
>> --- a/mm/memory_hotplug.c
>> +++ b/mm/memory_hotplug.c
>> @@ -1422,6 +1422,7 @@ static void remove_memory_blocks_and_altmaps(u64 start, u64 size)
>>
>> altmap = mem->altmap;
>> mem->altmap = NULL;
>> + put_device(&mem->dev);
>
> 1) Six months from now we might not remember why we need to call
> put_device() here.
>
> I would put a comment like remove_memory_block has:
>
> "/* drop the ref. we got via find_memory_block() */" or something like
> that.

Make sense.

>
> 2) I kind of dislike having an internal put_device() lingering here in
> memory-hotplug code, it feels like it does not really belong here.
> Ideally we should have a high-level function in drivers/base/memory.c
> that calls put_device itself.
> Something like "put_memblock_dev", dunno, names are hard.
>

I share your perspective. The current naming of find_memory_block_by_id
is ambiguous as it fails to signal the internal 'get' operation. To improve
clarity and reduce errors, it should be renamed to memory_block_get_by_id.
Pairing this with a new memory_block_put function to wrap put_device
would ensure a more robust and intuitive API.

Thanks.

>
> --
> Oscar Salvador
> SUSE Labs