-
Jeff Moyer authored
There is a memory in the autofs4_wait function, if multiple processes are waiting on the same queue: name = kmalloc(NAME_MAX + 1, GFP_KERNEL); if (!name) return -ENOMEM; ... if ( !wq ) { /* Create a new wait queue */ wq = kmalloc(sizeof(struct autofs_wait_queue), GFP_KERNEL); if ( !wq ) { kfree(name); up(&sbi->wq_sem); return -ENOMEM; } ... wq->name = name; ... } else { atomic_inc(&wq->wait_ctr); up(&sbi->wq_sem); ... } In the else clause, we forget to free the name we kmalloc'd above. This is pretty easy to trigger with the following reproducer: setup an automount map as follows: for n in `seq 1 48`; do echo "$n server:/export/$n" >> /etc/auto.test; done setup a master map entry to point at this: echo "/test /etc/auto.test --timeout=1" >> /etc/auto.master Now, assuming the nfs server was setup to export said directories, run the following shell script in two xterms: #!/bin/sh while true; do for n in `seq 1 48`; do ls /test/$n done sleep 2 done and watch the size-256 slab cache grow Within 4 minutes, I had the size-256 cache grow to 384k. On a kernel with the below patch applied, the size-256 remained constant during an over-night run. Signed-off-by:Jeff Moyer <jmoyer@redhat.com> Signed-off-by:
Andrew Morton <akpm@osdl.org> Signed-off-by:
Linus Torvalds <torvalds@osdl.org>
669479ba
