From: Mike Kravetz <mike.kravetz@oracle.com>
To: Lukas Bulwahn <lukas.bulwahn@gmail.com>
Cc: Muchun Song <songmuchun@bytedance.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linux-MM <linux-mm@kvack.org>,
kernel-janitors <kernel-janitors@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: Observed memory leak in hugetlb_reserve_pages
Date: Mon, 17 Oct 2022 13:40:32 -0700 [thread overview]
Message-ID: <Y029wEbf5/AwxGPy@monkey> (raw)
In-Reply-To: <Y02TIcPTBcQPmk5J@monkey>
On 10/17/22 10:38, Mike Kravetz wrote:
> On 10/17/22 13:11, Lukas Bulwahn wrote:
> > Dear Mike,
> >
> > The reproducer for the 'memory leak in hugetlb_reserve_pages' bug (see
> > https://elisa-builder-00.iol.unh.edu/syzkaller-next/report?id=3469603f4a0da86b581cc979bd6c6663b46ceb1b)
> > is reproducible, it is triggering the memory leak on the current
> > mainline (commit 60bb8154d1d7), and it was not triggering on v6.0. My
> > build config is a x86_64 defconfig with some syzkaller-recommended
> > debug options.
>
> Thank you Lukas!
>
> The leak is embarrassingly obvious. Here is a bit of code at the beginning of
> hugetlb_reserve_pages:
>
> /*
> * vma specific semaphore used for pmd sharing synchronization
> */
> hugetlb_vma_lock_alloc(vma);
>
> /*
> * Only apply hugepage reservation if asked. At fault time, an
> * attempt will be made for VM_NORESERVE to allocate a page
> * without using reserves
> */
> if (vm_flags & VM_NORESERVE)
> return true;
>
> There needs to be a hugetlb_vma_lock_free(vma) call before that return.
>
> I will do some testing and send a patch. However, I will use commit
> 8d9bfb2608145 in the Fixes: tag. This is because that commit added the
> call to hugetlb_vma_lock_alloc in hugetlb_reserve_pages without the
> hugetlb_vma_lock_free in the VM_NORESERVE return.
>
> > My git bisection showed that the first bad commit is
> > [bbff39cc6cbcb86ccfacb2dcafc79912a9f9df69] hugetlb: allocate vma lock
> > for all sharable vmas.
>
> The reason your bisect pointed to bbff39cc6cbc is because the mmap/vma size in
> the test case is not sufficient for pmd sharing. Therefore, the test did not
> experience a leak until the patch which allocates the vma lock for ALL vmas
> was added.
Please ignore this email. I sent it before looking (or thinking) closely.
--
Mike Kravetz
prev parent reply other threads:[~2022-10-17 20:44 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-17 11:11 Observed memory leak in hugetlb_reserve_pages Lukas Bulwahn
2022-10-17 17:38 ` Mike Kravetz
2022-10-17 20:40 ` Mike Kravetz [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y029wEbf5/AwxGPy@monkey \
--to=mike.kravetz@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lukas.bulwahn@gmail.com \
--cc=songmuchun@bytedance.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).