mm: kfence: fix missing objcg housekeeping for SLAB
The objcg is not cleared and put for kfence object when it is freed,
which could lead to memory leak for struct obj_cgroup and wrong
statistics of NR_SLAB_RECLAIMABLE_B or NR_SLAB_UNRECLAIMABLE_B.

Since the last freed object's objcg is not cleared,
mem_cgroup_from_obj() could return the wrong memcg when this kfence
object, which is not charged to any objcgs, is reallocated to other
users.

A real world issue [1] is caused by this bug.

Link: https://lore.kernel.org/all/[email protected]/ [1]
Reported-by: [email protected]
Fixes: d3fb45f ("mm, kfence: insert KFENCE hooks for SLAB")
Signed-off-by: Muchun Song <[email protected]>
Cc: Dmitry Vyukov <[email protected]>
Cc: Marco Elver <[email protected]>
Cc: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Muchun Song authored and torvalds committed Mar 28, 2022
1 parent f82da16 commit ae085d7
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions mm/slab.c
Expand Up @@ -3422,6 +3422,7 @@ static __always_inline void __cache_free(struct kmem_cache *cachep, void *objp,

if (is_kfence_address(objp)) {
kmemleak_free_recursive(objp, cachep->flags);
memcg_slab_free_hook(cachep, &objp, 1);
__kfence_free(objp);
return;
}
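
Review bot: the memcg_slab_free_hook(cachep, &objp, 1) call in the is_kfence_address() branch of __cache_free carries no comment explaining why this early-return path needs its own objcg handling. The branch returns before anything else in the function runs, so each piece of free-side accounting has to be repeated here by hand, which is how the objcg put described in the commit message was missed in the first place. A one-line comment above the call, saying that KFENCE objects leave through this branch and must have their objcg cleared and put here, and that the hook runs before __kfence_free(objp) hands the object back, would make the requirement visible to whoever next adds a hook to the free path.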