Re: [PATCH] slab: fix memory leak when refill_sheaf() fails

Next message: David Woodhouse: "[PATCH v2] KVM: x86: Use gfn_to_pfn_cache for record_steal_time"
Previous message: Jian Hu: "Re: [PATCH 3/3] arm64: dts: amlogic: t7: Add clock controller nodes"
In reply to: Harry Yoo: "Re: [PATCH] slab: fix memory leak when refill_sheaf() fails"
Next in thread: Qing Wang: "Re: [PATCH] slab: fix memory leak when refill_sheaf() fails"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Harry Yoo

Date: Wed Mar 11 2026 - 07:49:34 EST

On Wed, Mar 11, 2026 at 08:16:46PM +0900, Harry Yoo wrote:
> On Wed, Mar 11, 2026 at 05:36:17PM +0800, Qing Wang wrote:
> > When refill_sheaf() partially fills one sheaf (e.g., fills 5 objects
> > but need to fill 10), it will update sheaf->size and return -ENOMEM.
> > However, the callers (alloc_full_sheaf() and __pcs_replace_empty_main())
> > directly call free_empty_sheaf() on failure, which only does kfree(sheaf),
> > causing the partially allocated objects memory in sheaf->objects[] leaked.
>
> Nice catch, thanks!
> Probably the need to fail new_slab() made it quite hard to trigger and notice.

Just out of curiosity, could you please tell us how you discovered
this and confirmed that it's fixed, given that kmemleak won't detect it?

> > Fix this by calling sheaf_flush_unused() before free_empty_sheaf() to
> > free objects of sheaf->objects[]. And also add a WARN_ON() in
> > free_empty_sheaf() to catch any future cases where a non-empty sheaf is
> > being freed.

--
Cheers,
Harry / Hyeonggon