| Message ID | 20220408135323.1559401-3-naoya.horiguchi@linux.dev (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | mm/hwpoison: fix race between hugetlb free/demotion and memory_failure_hugetlb() | expand |
On 2022/4/8 21:53, Naoya Horiguchi wrote: > From: Naoya Horiguchi <naoya.horiguchi@nec.com> > > In already hwpoisoned case, memory_failure() is supposed to return with > releasing the page refcount taken for error handling. But currently the > refcount is not released when called with MF_COUNT_INCREASED, which > makes page refcount inconsistent. This should be rare and non-critical, > but it might be inconvenient in testing (unpoison doesn't work). IMHO, this issue will lead to memoryleak as page isn't freed even owner process is killed. So we might need a Fixes tag? Anyway, this patch looks good to me. Thanks! Reviewed-by: Miaohe Lin <linmiaohe@huawei.com> > > Suggested-by: Miaohe Lin <linmiaohe@huawei.com> > Signed-off-by: Naoya Horiguchi <naoya.horiguchi@nec.com> > --- > mm/memory-failure.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/mm/memory-failure.c b/mm/memory-failure.c > index 2020944398c9..b2e32cdc3823 100644 > --- a/mm/memory-failure.c > +++ b/mm/memory-failure.c > @@ -1811,6 +1811,8 @@ int memory_failure(unsigned long pfn, int flags) > res = -EHWPOISON; > if (flags & MF_ACTION_REQUIRED) > res = kill_accessing_process(current, pfn, flags); > + if (flags & MF_COUNT_INCREASED) > + put_page(p); > goto unlock_mutex; > } > >
On 4/8/22 06:53, Naoya Horiguchi wrote: > From: Naoya Horiguchi <naoya.horiguchi@nec.com> > > In already hwpoisoned case, memory_failure() is supposed to return with > releasing the page refcount taken for error handling. But currently the > refcount is not released when called with MF_COUNT_INCREASED, which > makes page refcount inconsistent. This should be rare and non-critical, > but it might be inconvenient in testing (unpoison doesn't work). > > Suggested-by: Miaohe Lin <linmiaohe@huawei.com> > Signed-off-by: Naoya Horiguchi <naoya.horiguchi@nec.com> > --- > mm/memory-failure.c | 2 ++ > 1 file changed, 2 insertions(+) Thanks! Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 2020944398c9..b2e32cdc3823 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -1811,6 +1811,8 @@ int memory_failure(unsigned long pfn, int flags) res = -EHWPOISON; if (flags & MF_ACTION_REQUIRED) res = kill_accessing_process(current, pfn, flags); + if (flags & MF_COUNT_INCREASED) + put_page(p); goto unlock_mutex; }