linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] userfaultfd/shmem: fix minor fault page leak
@ 2021-03-22 20:48 Axel Rasmussen
  2021-03-22 21:00 ` Peter Xu
  2021-03-24 23:20 ` Andrew Morton
  0 siblings, 2 replies; 5+ messages in thread
From: Axel Rasmussen @ 2021-03-22 20:48 UTC (permalink / raw)
  To: Alexander Viro, Andrea Arcangeli, Andrew Morton, Hugh Dickins,
	Jerome Glisse, Joe Perches, Lokesh Gidra, Mike Rapoport,
	Peter Xu, Shaohua Li, Shuah Khan, Wang Qing
  Cc: linux-kernel, linux-fsdevel, linux-mm, linux-kselftest,
	Axel Rasmussen, Brian Geffon, Cannon Matthews,
	Dr . David Alan Gilbert, David Rientjes, Michel Lespinasse,
	Mina Almasry, Oliver Upton

This fix is analogous to Peter Xu's fix for hugetlb [0]. If we don't
put_page() after getting the page out of the page cache, we leak the
reference.

The fix can be verified by checking /proc/meminfo and running the
userfaultfd selftest in shmem mode. Without the fix, we see MemFree /
MemAvailable steadily decreasing with each run of the test. With the
fix, memory is correctly freed after the test program exits.

Fixes: 00da60b9d0a0 ("userfaultfd: support minor fault handling for shmem")
Signed-off-by: Axel Rasmussen <axelrasmussen@google.com>
---
 mm/shmem.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/mm/shmem.c b/mm/shmem.c
index ef8c9f5e92fc..d2e0e81b7d2e 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1831,6 +1831,7 @@ static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
 
 	if (page && vma && userfaultfd_minor(vma)) {
 		unlock_page(page);
+		put_page(page);
 		*fault_type = handle_userfault(vmf, VM_UFFD_MINOR);
 		return 0;
 	}
-- 
2.31.0.rc2.261.g7f71774620-goog



^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] userfaultfd/shmem: fix minor fault page leak
  2021-03-22 20:48 [PATCH] userfaultfd/shmem: fix minor fault page leak Axel Rasmussen
@ 2021-03-22 21:00 ` Peter Xu
  2021-03-24 23:20 ` Andrew Morton
  1 sibling, 0 replies; 5+ messages in thread
From: Peter Xu @ 2021-03-22 21:00 UTC (permalink / raw)
  To: Axel Rasmussen
  Cc: Alexander Viro, Andrea Arcangeli, Andrew Morton, Hugh Dickins,
	Jerome Glisse, Joe Perches, Lokesh Gidra, Mike Rapoport,
	Shaohua Li, Shuah Khan, Wang Qing, linux-kernel, linux-fsdevel,
	linux-mm, linux-kselftest, Brian Geffon, Cannon Matthews,
	Dr . David Alan Gilbert, David Rientjes, Michel Lespinasse,
	Mina Almasry, Oliver Upton

On Mon, Mar 22, 2021 at 01:48:35PM -0700, Axel Rasmussen wrote:
> This fix is analogous to Peter Xu's fix for hugetlb [0]. If we don't
> put_page() after getting the page out of the page cache, we leak the
> reference.
> 
> The fix can be verified by checking /proc/meminfo and running the
> userfaultfd selftest in shmem mode. Without the fix, we see MemFree /
> MemAvailable steadily decreasing with each run of the test. With the
> fix, memory is correctly freed after the test program exits.
> 
> Fixes: 00da60b9d0a0 ("userfaultfd: support minor fault handling for shmem")
> Signed-off-by: Axel Rasmussen <axelrasmussen@google.com>

Reviewed-by: Peter Xu <peterx@redhat.com>

-- 
Peter Xu



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] userfaultfd/shmem: fix minor fault page leak
  2021-03-22 20:48 [PATCH] userfaultfd/shmem: fix minor fault page leak Axel Rasmussen
  2021-03-22 21:00 ` Peter Xu
@ 2021-03-24 23:20 ` Andrew Morton
  2021-03-25  0:52   ` Peter Xu
  1 sibling, 1 reply; 5+ messages in thread
From: Andrew Morton @ 2021-03-24 23:20 UTC (permalink / raw)
  To: Axel Rasmussen
  Cc: Alexander Viro, Andrea Arcangeli, Hugh Dickins, Jerome Glisse,
	Joe Perches, Lokesh Gidra, Mike Rapoport, Peter Xu, Shaohua Li,
	Shuah Khan, Wang Qing, linux-kernel, linux-fsdevel, linux-mm,
	linux-kselftest, Brian Geffon, Cannon Matthews,
	Dr . David Alan Gilbert, David Rientjes, Michel Lespinasse,
	Mina Almasry, Oliver Upton

On Mon, 22 Mar 2021 13:48:35 -0700 Axel Rasmussen <axelrasmussen@google.com> wrote:

> This fix is analogous to Peter Xu's fix for hugetlb [0]. If we don't
> put_page() after getting the page out of the page cache, we leak the
> reference.
> 
> The fix can be verified by checking /proc/meminfo and running the
> userfaultfd selftest in shmem mode. Without the fix, we see MemFree /
> MemAvailable steadily decreasing with each run of the test. With the
> fix, memory is correctly freed after the test program exits.
> 
> Fixes: 00da60b9d0a0 ("userfaultfd: support minor fault handling for shmem")

Confused.  The affected code:

> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -1831,6 +1831,7 @@ static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
>  
>  	if (page && vma && userfaultfd_minor(vma)) {
>  		unlock_page(page);
> +		put_page(page);
>  		*fault_type = handle_userfault(vmf, VM_UFFD_MINOR);
>  		return 0;
>  	}

Is added by Peter's "page && vma && userfaultfd_minor".  I assume that
"Fixes:" is incorrect?


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] userfaultfd/shmem: fix minor fault page leak
  2021-03-24 23:20 ` Andrew Morton
@ 2021-03-25  0:52   ` Peter Xu
  2021-03-25  2:10     ` Axel Rasmussen
  0 siblings, 1 reply; 5+ messages in thread
From: Peter Xu @ 2021-03-25  0:52 UTC (permalink / raw)
  To: Andrew Morton
  Cc: Axel Rasmussen, Alexander Viro, Andrea Arcangeli, Hugh Dickins,
	Jerome Glisse, Joe Perches, Lokesh Gidra, Mike Rapoport,
	Shaohua Li, Shuah Khan, Wang Qing, linux-kernel, linux-fsdevel,
	linux-mm, linux-kselftest, Brian Geffon, Cannon Matthews,
	Dr . David Alan Gilbert, David Rientjes, Michel Lespinasse,
	Mina Almasry, Oliver Upton

Hi, Andrew,

On Wed, Mar 24, 2021 at 04:20:27PM -0700, Andrew Morton wrote:
> On Mon, 22 Mar 2021 13:48:35 -0700 Axel Rasmussen <axelrasmussen@google.com> wrote:
> 
> > This fix is analogous to Peter Xu's fix for hugetlb [0]. If we don't
> > put_page() after getting the page out of the page cache, we leak the
> > reference.
> > 
> > The fix can be verified by checking /proc/meminfo and running the
> > userfaultfd selftest in shmem mode. Without the fix, we see MemFree /
> > MemAvailable steadily decreasing with each run of the test. With the
> > fix, memory is correctly freed after the test program exits.
> > 
> > Fixes: 00da60b9d0a0 ("userfaultfd: support minor fault handling for shmem")
> 
> Confused.  The affected code:
> 
> > --- a/mm/shmem.c
> > +++ b/mm/shmem.c
> > @@ -1831,6 +1831,7 @@ static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
> >  
> >  	if (page && vma && userfaultfd_minor(vma)) {
> >  		unlock_page(page);
> > +		put_page(page);
> >  		*fault_type = handle_userfault(vmf, VM_UFFD_MINOR);
> >  		return 0;
> >  	}
> 
> Is added by Peter's "page && vma && userfaultfd_minor".  I assume that
> "Fixes:" is incorrect?
> 

It seems to me the commit is correct as pointed to in "Fixes", but I do have a
different commit ID here:

    commit 63c826b1372c4930f89b8a55092699fa7f0d6f4e
    Author: Axel Rasmussen <axelrasmussen@google.com>
    Date:   Thu Mar 18 10:20:43 2021 -0400

    userfaultfd: support minor fault handling for shmem

Axel, did you fetched the commit ID from your local tree, perhaps?  Since I
should have fetched from hnaz/linux-mm and I can see Andrew's sign-off too.

Thanks,

-- 
Peter Xu



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] userfaultfd/shmem: fix minor fault page leak
  2021-03-25  0:52   ` Peter Xu
@ 2021-03-25  2:10     ` Axel Rasmussen
  0 siblings, 0 replies; 5+ messages in thread
From: Axel Rasmussen @ 2021-03-25  2:10 UTC (permalink / raw)
  To: Peter Xu
  Cc: Andrew Morton, Alexander Viro, Andrea Arcangeli, Hugh Dickins,
	Jerome Glisse, Joe Perches, Lokesh Gidra, Mike Rapoport,
	Shaohua Li, Shuah Khan, Wang Qing, LKML, linux-fsdevel, Linux MM,
	linux-kselftest, Brian Geffon, Cannon Matthews,
	Dr . David Alan Gilbert, David Rientjes, Michel Lespinasse,
	Mina Almasry, Oliver Upton

On Wed, Mar 24, 2021 at 5:52 PM Peter Xu <peterx@redhat.com> wrote:
>
> Hi, Andrew,
>
> On Wed, Mar 24, 2021 at 04:20:27PM -0700, Andrew Morton wrote:
> > On Mon, 22 Mar 2021 13:48:35 -0700 Axel Rasmussen <axelrasmussen@google.com> wrote:
> >
> > > This fix is analogous to Peter Xu's fix for hugetlb [0]. If we don't
> > > put_page() after getting the page out of the page cache, we leak the
> > > reference.
> > >
> > > The fix can be verified by checking /proc/meminfo and running the
> > > userfaultfd selftest in shmem mode. Without the fix, we see MemFree /
> > > MemAvailable steadily decreasing with each run of the test. With the
> > > fix, memory is correctly freed after the test program exits.
> > >
> > > Fixes: 00da60b9d0a0 ("userfaultfd: support minor fault handling for shmem")
> >
> > Confused.  The affected code:
> >
> > > --- a/mm/shmem.c
> > > +++ b/mm/shmem.c
> > > @@ -1831,6 +1831,7 @@ static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
> > >
> > >     if (page && vma && userfaultfd_minor(vma)) {
> > >             unlock_page(page);
> > > +           put_page(page);
> > >             *fault_type = handle_userfault(vmf, VM_UFFD_MINOR);
> > >             return 0;
> > >     }
> >
> > Is added by Peter's "page && vma && userfaultfd_minor".  I assume that
> > "Fixes:" is incorrect?
> >
>
> It seems to me the commit is correct as pointed to in "Fixes", but I do have a
> different commit ID here:
>
>     commit 63c826b1372c4930f89b8a55092699fa7f0d6f4e
>     Author: Axel Rasmussen <axelrasmussen@google.com>
>     Date:   Thu Mar 18 10:20:43 2021 -0400
>
>     userfaultfd: support minor fault handling for shmem
>
> Axel, did you fetched the commit ID from your local tree, perhaps?  Since I
> should have fetched from hnaz/linux-mm and I can see Andrew's sign-off too.
>
> Thanks,
>
> --
> Peter Xu
>

Ah, this is the SHA I see when I "git log --grep linux-next/akpm"
(where my repo's linux-next remote is [1]):

commit 00da60b9d0a03818c36a2fe862578309c27006ad
Author: Axel Rasmussen <axelrasmussen@google.com>
Date:   Thu Mar 18 17:01:51 2021 +1100

    userfaultfd: support minor fault handling for shmem

This is the commit that this new patch fixes. I'll admit I'm a bit
unsure which tree the "Fixes:" tag is meant to refer to before the
commits make it into Linus' tree, if I should look up the commit
another way just let me know. :) And, sorry for the confusion.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2021-03-25  2:11 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-22 20:48 [PATCH] userfaultfd/shmem: fix minor fault page leak Axel Rasmussen
2021-03-22 21:00 ` Peter Xu
2021-03-24 23:20 ` Andrew Morton
2021-03-25  0:52   ` Peter Xu
2021-03-25  2:10     ` Axel Rasmussen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).