[PATCH] mm, swap: Fix memory leak in __read_swap_cache_async()
From: Huang Ying
Date: Thu Feb 16 2017 - 21:31:37 EST
The memory may be leaked in __read_swap_cache_async(). For the cases
as below,
CPU 0 CPU 1
----- -----
find_get_page() == NULL
__swp_swapcount() != 0
new_page = alloc_page_vma()
radix_tree_maybe_preload()
swap in swap slot
swapcache_prepare() == -EEXIST
cond_resched()
reclaim the swap slot
find_get_page() == NULL
__swp_swapcount() == 0
return NULL <- new_page leaked here !!!
The memory leak has been confirmed via checking the value of new_page
when returning inside the loop in __read_swap_cache_async().
This is fixed via replacing return with break inside of loop in
__read_swap_cache_async(), so that there is opportunity for the
new_page to be checked and freed.
Reported-by: Hugh Dickins <hughd@xxxxxxxxxx>
Cc: Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
Signed-off-by: "Huang, Ying" <ying.huang@xxxxxxxxx>
---
mm/swap_state.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/swap_state.c b/mm/swap_state.c
index 2126e9ba23b2..473b71e052a8 100644
--- a/mm/swap_state.c
+++ b/mm/swap_state.c
@@ -333,7 +333,7 @@ struct page *__read_swap_cache_async(swp_entry_t entry, gfp_t gfp_mask,
* else swap_off will be aborted if we return NULL.
*/
if (!__swp_swapcount(entry) && swap_slot_cache_enabled)
- return NULL;
+ break;
/*
* Get a new page to read into from swap.
--
2.11.0