diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2013-12-22 14:03:49 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-12-22 14:03:49 -0500 |
| commit | a8472b4bb1aaa421b10f2cc40f70097e67f971ae (patch) | |
| tree | 3f345e0c1c4f9986ba1c8f3cd541f47fbe30b985 /fs | |
| parent | 3dc9acb67600393249a795934ccdfc291a200e6b (diff) | |
| parent | 8e321fefb0e60bae4e2a28d20fc4fa30758d27c6 (diff) | |
Merge git://git.kvack.org/~bcrl/aio-next
Pull AIO leak fixes from Ben LaHaise:
"I've put these two patches plus Linus's change through a round of
tests, and it passes millions of iterations of the aio numa
migratepage test, as well as a number of repetitions of a few simple
read and write tests.
The first patch fixes the memory leak Kent introduced, while the
second patch makes aio_migratepage() much more paranoid and robust"
* git://git.kvack.org/~bcrl/aio-next:
aio/migratepages: make aio migrate pages sane
aio: fix kioctx leak introduced by "aio: Fix a trinity splat"
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/aio.c | 55 |
1 files changed, 46 insertions, 9 deletions
| @@ -244,9 +244,14 @@ static void aio_free_ring(struct kioctx *ctx) | |||
| 244 | int i; | 244 | int i; |
| 245 | 245 | ||
| 246 | for (i = 0; i < ctx->nr_pages; i++) { | 246 | for (i = 0; i < ctx->nr_pages; i++) { |
| 247 | struct page *page; | ||
| 247 | pr_debug("pid(%d) [%d] page->count=%d\n", current->pid, i, | 248 | pr_debug("pid(%d) [%d] page->count=%d\n", current->pid, i, |
| 248 | page_count(ctx->ring_pages[i])); | 249 | page_count(ctx->ring_pages[i])); |
| 249 | put_page(ctx->ring_pages[i]); | 250 | page = ctx->ring_pages[i]; |
| 251 | if (!page) | ||
| 252 | continue; | ||
| 253 | ctx->ring_pages[i] = NULL; | ||
| 254 | put_page(page); | ||
| 250 | } | 255 | } |
| 251 | 256 | ||
| 252 | put_aio_ring_file(ctx); | 257 | put_aio_ring_file(ctx); |
| @@ -280,18 +285,38 @@ static int aio_migratepage(struct address_space *mapping, struct page *new, | |||
| 280 | unsigned long flags; | 285 | unsigned long flags; |
| 281 | int rc; | 286 | int rc; |
| 282 | 287 | ||
| 288 | rc = 0; | ||
| 289 | |||
| 290 | /* Make sure the old page hasn't already been changed */ | ||
| 291 | spin_lock(&mapping->private_lock); | ||
| 292 | ctx = mapping->private_data; | ||
| 293 | if (ctx) { | ||
| 294 | pgoff_t idx; | ||
| 295 | spin_lock_irqsave(&ctx->completion_lock, flags); | ||
| 296 | idx = old->index; | ||
| 297 | if (idx < (pgoff_t)ctx->nr_pages) { | ||
| 298 | if (ctx->ring_pages[idx] != old) | ||
| 299 | rc = -EAGAIN; | ||
| 300 | } else | ||
| 301 | rc = -EINVAL; | ||
| 302 | spin_unlock_irqrestore(&ctx->completion_lock, flags); | ||
| 303 | } else | ||
| 304 | rc = -EINVAL; | ||
| 305 | spin_unlock(&mapping->private_lock); | ||
| 306 | |||
| 307 | if (rc != 0) | ||
| 308 | return rc; | ||
| 309 | |||
| 283 | /* Writeback must be complete */ | 310 | /* Writeback must be complete */ |
| 284 | BUG_ON(PageWriteback(old)); | 311 | BUG_ON(PageWriteback(old)); |
| 285 | put_page(old); | 312 | get_page(new); |
| 286 | 313 | ||
| 287 | rc = migrate_page_move_mapping(mapping, new, old, NULL, mode); | 314 | rc = migrate_page_move_mapping(mapping, new, old, NULL, mode, 1); |
| 288 | if (rc != MIGRATEPAGE_SUCCESS) { | 315 | if (rc != MIGRATEPAGE_SUCCESS) { |
| 289 | get_page(old); | 316 | put_page(new); |
| 290 | return rc; | 317 | return rc; |
| 291 | } | 318 | } |
| 292 | 319 | ||
| 293 | get_page(new); | ||
| 294 | |||
| 295 | /* We can potentially race against kioctx teardown here. Use the | 320 | /* We can potentially race against kioctx teardown here. Use the |
| 296 | * address_space's private data lock to protect the mapping's | 321 | * address_space's private data lock to protect the mapping's |
| 297 | * private_data. | 322 | * private_data. |
| @@ -303,13 +328,24 @@ static int aio_migratepage(struct address_space *mapping, struct page *new, | |||
| 303 | spin_lock_irqsave(&ctx->completion_lock, flags); | 328 | spin_lock_irqsave(&ctx->completion_lock, flags); |
| 304 | migrate_page_copy(new, old); | 329 | migrate_page_copy(new, old); |
| 305 | idx = old->index; | 330 | idx = old->index; |
| 306 | if (idx < (pgoff_t)ctx->nr_pages) | 331 | if (idx < (pgoff_t)ctx->nr_pages) { |
| 307 | ctx->ring_pages[idx] = new; | 332 | /* And only do the move if things haven't changed */ |
| 333 | if (ctx->ring_pages[idx] == old) | ||
| 334 | ctx->ring_pages[idx] = new; | ||
| 335 | else | ||
| 336 | rc = -EAGAIN; | ||
| 337 | } else | ||
| 338 | rc = -EINVAL; | ||
| 308 | spin_unlock_irqrestore(&ctx->completion_lock, flags); | 339 | spin_unlock_irqrestore(&ctx->completion_lock, flags); |
| 309 | } else | 340 | } else |
| 310 | rc = -EBUSY; | 341 | rc = -EBUSY; |
| 311 | spin_unlock(&mapping->private_lock); | 342 | spin_unlock(&mapping->private_lock); |
| 312 | 343 | ||
| 344 | if (rc == MIGRATEPAGE_SUCCESS) | ||
| 345 | put_page(old); | ||
| 346 | else | ||
| 347 | put_page(new); | ||
| 348 | |||
| 313 | return rc; | 349 | return rc; |
| 314 | } | 350 | } |
| 315 | #endif | 351 | #endif |
| @@ -640,7 +676,8 @@ static struct kioctx *ioctx_alloc(unsigned nr_events) | |||
| 640 | aio_nr += ctx->max_reqs; | 676 | aio_nr += ctx->max_reqs; |
| 641 | spin_unlock(&aio_nr_lock); | 677 | spin_unlock(&aio_nr_lock); |
| 642 | 678 | ||
| 643 | percpu_ref_get(&ctx->users); /* io_setup() will drop this ref */ | 679 | percpu_ref_get(&ctx->users); /* io_setup() will drop this ref */ |
| 680 | percpu_ref_get(&ctx->reqs); /* free_ioctx_users() will drop this */ | ||
| 644 | 681 | ||
| 645 | err = ioctx_add_table(ctx, mm); | 682 | err = ioctx_add_table(ctx, mm); |
| 646 | if (err) | 683 | if (err) |