Commit c73813d6 authored by Liu Shixin's avatar Liu Shixin
Browse files

mm: kmemleak: use mem_pool_free() to free object 

mainline inclusion
from mainline-v6.7-rc1
commit 2e1d47385f98aa0fa7d71aeee32d26cc6f8493e0
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IBE0E0

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2e1d47385f98aa0fa7d71aeee32d26cc6f8493e0

--------------------------------

The kmemleak object is allocated by mem_pool_alloc(), which could be from
slab or mem_pool[], so it's not suitable using __kmem_cache_free() to free
the object, use __mem_pool_free() instead.

Link: https://lkml.kernel.org/r/20231018102952.3339837-6-liushixin2@huawei.com


Fixes: 0647398a ("mm: kmemleak: simple memory allocation pool for kmemleak objects")
Signed-off-by: default avatarLiu Shixin <liushixin2@huawei.com>
Reviewed-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
Cc: Kefeng Wang <wangkefeng.wang@huawei.com>
Cc: Patrick Wang <patrick.wang.shcn@gmail.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLiu Shixin <liushixin2@huawei.com>
parent cc0c8bcf

mm/kmemleak.c

+9 −5
Original line number Diff line number Diff line
@@ -668,7 +668,7 @@ static struct kmemleak_object *__alloc_object(gfp_t gfp) 
	return object;

}



static void __link_object(struct kmemleak_object *object, unsigned long ptr,

static int __link_object(struct kmemleak_object *object, unsigned long ptr,

			 size_t size, int min_count, bool is_phys)

{
@@ -711,14 +711,15 @@ static void __link_object(struct kmemleak_object *object, unsigned long ptr, 
			 * be freed while the kmemleak_lock is held.

			 */

			dump_object_info(parent);

			kmem_cache_free(object_cache, object);

			return;

			return -EEXIST;

		}

	}

	rb_link_node(&object->rb_node, rb_parent, link);

	rb_insert_color(&object->rb_node, is_phys ? &object_phys_tree_root :

					  &object_tree_root);

	list_add_tail_rcu(&object->object_list, &object_list);



	return 0;

}



/*
@@ -731,14 +732,17 @@ static void __create_object(unsigned long ptr, size_t size, 
{

	struct kmemleak_object *object;

	unsigned long flags;

	int ret;



	object = __alloc_object(gfp);

	if (!object)

		return;



	raw_spin_lock_irqsave(&kmemleak_lock, flags);

	__link_object(object, ptr, size, min_count, is_phys);

	ret = __link_object(object, ptr, size, min_count, is_phys);

	raw_spin_unlock_irqrestore(&kmemleak_lock, flags);

	if (ret)

		mem_pool_free(object);

}



/* Create kmemleak object which allocated with virtual address. */