2020-03-06 01:20:12

by Joel Fernandes

[permalink] [raw]
Subject: [RFC] ashmem: Fix ashmem shrinker nr_to_scan

nr_to_scan is the number of pages to be freed however ashmem doesn't
discount nr_to_scan correctly as it frees ranges. It should be
discounting them by pages than by ranges. Correct the issue.

Cc: [email protected]
Signed-off-by: Joel Fernandes (Google) <[email protected]>
---
drivers/staging/android/ashmem.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c
index 5891d0744a760..cb525ea6db98a 100644
--- a/drivers/staging/android/ashmem.c
+++ b/drivers/staging/android/ashmem.c
@@ -458,6 +458,8 @@ ashmem_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
lru_del(range);

freed += range_size(range);
+ sc->nr_to_scan -= range_size(range);
+
mutex_unlock(&ashmem_mutex);
f->f_op->fallocate(f,
FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
@@ -467,7 +469,7 @@ ashmem_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
wake_up_all(&ashmem_shrink_wait);
if (!mutex_trylock(&ashmem_mutex))
goto out;
- if (--sc->nr_to_scan <= 0)
+ if (sc->nr_to_scan <= 0)
break;
}
mutex_unlock(&ashmem_mutex);
--
2.25.0.265.gbab2e86ba0-goog


2020-03-10 10:47:27

by Dan Carpenter

[permalink] [raw]
Subject: Re: [RFC] ashmem: Fix ashmem shrinker nr_to_scan

On Thu, Mar 05, 2020 at 08:19:30PM -0500, Joel Fernandes (Google) wrote:
> nr_to_scan is the number of pages to be freed however ashmem doesn't
> discount nr_to_scan correctly as it frees ranges. It should be
> discounting them by pages than by ranges. Correct the issue.
>
> Cc: [email protected]
> Signed-off-by: Joel Fernandes (Google) <[email protected]>
> ---
> drivers/staging/android/ashmem.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c
> index 5891d0744a760..cb525ea6db98a 100644
> --- a/drivers/staging/android/ashmem.c
> +++ b/drivers/staging/android/ashmem.c
> @@ -458,6 +458,8 @@ ashmem_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
> lru_del(range);
>
> freed += range_size(range);
> + sc->nr_to_scan -= range_size(range);
^^
Two space characters.

In the old code we didn't *really* have to worry about sc->nr_to_scan
dropping to negative, but now we do. ->nr_to_scan is unsigned so it
would be a high positive value now so it's maybe a forever loop? I'm
too lazy to verify...

regards,
dan carpenter