slob: fix lockup in slob_free()

[safe/jmp/linux-2.6] / mm / slob.c

diff --git a/mm/slob.c b/mm/slob.c
index 4c82dd4..f901653 100644 (file)
--- a/mm/slob.c
+++ b/mm/slob.c
@@ -393,10 +393,11 @@ static void slob_free(void *block, int size)
                /* Go directly to page allocator. Do not pass slob allocator */
                if (slob_page_free(sp))
                        clear_slob_page_free(sp);
+               spin_unlock_irqrestore(&slob_lock, flags);
                clear_slob_page(sp);
                free_slob_page(sp);
                free_page((unsigned long)b);
-               goto out;
+               return;
        }
 
        if (!slob_page_free(sp)) {
@@ -514,9 +515,11 @@ size_t ksize(const void *block)
                return 0;
 
        sp = (struct slob_page *)virt_to_page(block);
-       if (slob_page(sp))
-               return ((slob_t *)block - 1)->units + SLOB_UNIT;
-       else
+       if (slob_page(sp)) {
+               int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
+               unsigned int *m = (unsigned int *)(block - align);
+               return SLOB_UNITS(*m) * SLOB_UNIT;
+       } else
                return sp->page.private;
 }
 
@@ -533,7 +536,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size,
        struct kmem_cache *c;
 
        c = slob_alloc(sizeof(struct kmem_cache),
-               flags, ARCH_KMALLOC_MINALIGN, -1);
+               GFP_KERNEL, ARCH_KMALLOC_MINALIGN, -1);
 
        if (c) {
                c->name = name;