Changes committed by "a0b8cab3 mm: remove lru parameter from
__pagevec_lru_add and remove parts of pagevec API" have introduced
a call to add_to_page_cache_lru() which causes a leak in nfs_symlink()
as now the page gets an extra refcount that is not dropped.
Jan Stancek observed and reported the leak effect while running test8 from
Connectathon Testsuite. After several iterations over the test case,
which creates several symlinks on a NFS mountpoint, the test system was
quickly getting into an out-of-memory scenario.
This patch fixes the page leak by dropping that extra refcount
add_to_page_cache_lru() is grabbing.
Signed-off-by: Jan Stancek <[email protected]>
Signed-off-by: Rafael Aquini <[email protected]>
---
fs/nfs/dir.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index be38b57..4a48fe4 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -1846,6 +1846,11 @@ int nfs_symlink(struct inode *dir, struct dentry *dentry, const char *symname)
GFP_KERNEL)) {
SetPageUptodate(page);
unlock_page(page);
+ /*
+ * add_to_page_cache_lru() grabs an extra page refcount.
+ * Drop it here to avoid leaking this page later.
+ */
+ page_cache_release(page);
} else
__free_page(page);
--
1.8.5.3
On Fri, 7 Feb 2014 13:19:54 -0200
Rafael Aquini <[email protected]> wrote:
> Changes committed by "a0b8cab3 mm: remove lru parameter from
> __pagevec_lru_add and remove parts of pagevec API" have introduced
> a call to add_to_page_cache_lru() which causes a leak in nfs_symlink()
> as now the page gets an extra refcount that is not dropped.
>
> Jan Stancek observed and reported the leak effect while running test8 from
> Connectathon Testsuite. After several iterations over the test case,
> which creates several symlinks on a NFS mountpoint, the test system was
> quickly getting into an out-of-memory scenario.
>
> This patch fixes the page leak by dropping that extra refcount
> add_to_page_cache_lru() is grabbing.
>
> Signed-off-by: Jan Stancek <[email protected]>
> Signed-off-by: Rafael Aquini <[email protected]>
> ---
> fs/nfs/dir.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
> index be38b57..4a48fe4 100644
> --- a/fs/nfs/dir.c
> +++ b/fs/nfs/dir.c
> @@ -1846,6 +1846,11 @@ int nfs_symlink(struct inode *dir, struct dentry *dentry, const char *symname)
> GFP_KERNEL)) {
> SetPageUptodate(page);
> unlock_page(page);
> + /*
> + * add_to_page_cache_lru() grabs an extra page refcount.
> + * Drop it here to avoid leaking this page later.
> + */
> + page_cache_release(page);
> } else
> __free_page(page);
>
Looks reasonable as an interim fix and should almost certainly go to
stable.
Longer term, I think it would be best from an API standpoint to fix
add_to_page_cache_lru not to take this extra reference (or to have it
drop it itself) and fix up the callers accordingly. That seems like a
trap for the unwary...
--
Jeff Layton <[email protected]>
On Fri, Feb 07, 2014 at 10:39:24AM -0500, Jeff Layton wrote:
> On Fri, 7 Feb 2014 13:19:54 -0200
> Rafael Aquini <[email protected]> wrote:
>
> > Changes committed by "a0b8cab3 mm: remove lru parameter from
> > __pagevec_lru_add and remove parts of pagevec API" have introduced
> > a call to add_to_page_cache_lru() which causes a leak in nfs_symlink()
> > as now the page gets an extra refcount that is not dropped.
> >
> > Jan Stancek observed and reported the leak effect while running test8 from
> > Connectathon Testsuite. After several iterations over the test case,
> > which creates several symlinks on a NFS mountpoint, the test system was
> > quickly getting into an out-of-memory scenario.
> >
> > This patch fixes the page leak by dropping that extra refcount
> > add_to_page_cache_lru() is grabbing.
> >
> > Signed-off-by: Jan Stancek <[email protected]>
> > Signed-off-by: Rafael Aquini <[email protected]>
> > ---
> > fs/nfs/dir.c | 5 +++++
> > 1 file changed, 5 insertions(+)
> >
> > diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
> > index be38b57..4a48fe4 100644
> > --- a/fs/nfs/dir.c
> > +++ b/fs/nfs/dir.c
> > @@ -1846,6 +1846,11 @@ int nfs_symlink(struct inode *dir, struct dentry *dentry, const char *symname)
> > GFP_KERNEL)) {
> > SetPageUptodate(page);
> > unlock_page(page);
> > + /*
> > + * add_to_page_cache_lru() grabs an extra page refcount.
> > + * Drop it here to avoid leaking this page later.
> > + */
> > + page_cache_release(page);
> > } else
> > __free_page(page);
> >
>
> Looks reasonable as an interim fix and should almost certainly go to
> stable.
>
> Longer term, I think it would be best from an API standpoint to fix
> add_to_page_cache_lru not to take this extra reference (or to have it
> drop it itself) and fix up the callers accordingly. That seems like a
> trap for the unwary...
>
100% agreed. I'll look into the long term approach you suggested, but as
you mentioned, the interim fix is the reasonable thing to go with now, for
mainline and stable.
Thanks for looking into it Jeff.
-- Rafael
On Fri, Feb 07, 2014 at 01:19:54PM -0200, Rafael Aquini wrote:
> Changes committed by "a0b8cab3 mm: remove lru parameter from
> __pagevec_lru_add and remove parts of pagevec API" have introduced
> a call to add_to_page_cache_lru() which causes a leak in nfs_symlink()
> as now the page gets an extra refcount that is not dropped.
>
> Jan Stancek observed and reported the leak effect while running test8 from
> Connectathon Testsuite. After several iterations over the test case,
> which creates several symlinks on a NFS mountpoint, the test system was
> quickly getting into an out-of-memory scenario.
>
> This patch fixes the page leak by dropping that extra refcount
> add_to_page_cache_lru() is grabbing.
>
> Signed-off-by: Jan Stancek <[email protected]>
> Signed-off-by: Rafael Aquini <[email protected]>
Thanks.
Acked-by: Mel Gorman <[email protected]>
It should be cc'd for stable for 3.11 and later kernels.
--
Mel Gorman
SUSE Labs
On 02/07/2014 10:19 AM, Rafael Aquini wrote:
> Changes committed by "a0b8cab3 mm: remove lru parameter from
> __pagevec_lru_add and remove parts of pagevec API" have introduced
> a call to add_to_page_cache_lru() which causes a leak in nfs_symlink()
> as now the page gets an extra refcount that is not dropped.
>
> Jan Stancek observed and reported the leak effect while running test8 from
> Connectathon Testsuite. After several iterations over the test case,
> which creates several symlinks on a NFS mountpoint, the test system was
> quickly getting into an out-of-memory scenario.
>
> This patch fixes the page leak by dropping that extra refcount
> add_to_page_cache_lru() is grabbing.
>
> Signed-off-by: Jan Stancek <[email protected]>
> Signed-off-by: Rafael Aquini <[email protected]>
Acked-by: Rik van Riel <[email protected]>