Date: Wed, 1 Dec 2010 18:05:18 -0800
From: Andrew Morton
To: Linus Torvalds
Cc: Trond Myklebust, Hugh Dickins, Nick Piggin, Nick Bowler, Linux Kernel Mailing List, linux-nfs@vger.kernel.org, Rik van Riel, Christoph Hellwig, Al Viro
Subject: Re: [PATCH v2 3/3] NFS: Fix a memory leak in nfs_readdir
Message-Id: <20101201180518.62f0915c.akpm@linux-foundation.org>

On Wed, 1 Dec 2010 17:42:08 -0800 Linus Torvalds wrote:

> On Wed, Dec 1, 2010 at 5:22 PM, Andrew Morton wrote:
> >
> > What we're talking about is races against memory reclaim, unmount, etc.
>
> Ahh. Those I can believe in. Although I think they'd almost
> incidentally be fixed by making inode freeing (which is where the
> 'struct address_space' is embedded) RCU-safe, which we're going to do
> anyway in 38. Then we could make the vmscan code just be a rcu-read
> section.

I didn't know that aspect of it.

It will be nice to plug this race - it's been there for so long because
nobody was able to think of an acceptable way of fixing it by direct
means (synchronous locking, refcounting, etc). Taking a ref on the
inode doesn't work, because we can't run iput_final() in direct-reclaim
contexts (lock ordering snafus).

vmscan is the problematic path - I _think_ all other code paths which
remove pagecache have an inode ref. But this assumes that
inode->i_mapping points at inode->i_data! Need to think about the
situation where it points at a different inode's i_data - in that case
these callers may have a ref on the wrong inode.

> Of course, I do think the race is basically impossible to hit in
> practice regardless.

Actually I was able to hit the race back in late 2.5 or thereabouts.
Really massive memory pressure caused vmscan->icache_shrinker to free
the inode/address_space while another CPU in vmscan was playing with
the address_space.

That was quite a debugging session ;)