On Mon 08-10-18 17:14:42, Andrew Morton wrote:
> On Mon, 8 Oct 2018 14:16:22 -0700 john.hubbard@xxxxxxxxx wrote:
> > + put_user_page(pages[index]);
> > + }
> > +}
> > +
> > +static inline void put_user_pages(struct page **pages,
> > + unsigned long npages)
> > +{
> > + unsigned long index;
> > +
> > + for (index = 0; index < npages; index++)
> > + put_user_page(pages[index]);
> > +}
> > +
>
> Otherwise looks OK. Ish. But it would be nice if that comment were to
> explain *why* get_user_pages() pages must be released with
> put_user_page().
The reason is that eventually we want to track reference from GUP
separately but you're right that it would be good to have a comment about
that somewhere.
> Also, maintainability. What happens if someone now uses put_page() by
> mistake? Kernel fails in some mysterious fashion? How can we prevent
> this from occurring as code evolves? Is there a cheap way of detecting
> this bug at runtime?
The same will happen as with any other reference counting bug - the special
user reference will leak. It will be pretty hard to debug I agree. I was
thinking about whether we could provide some type safety against such bugs
such as get_user_pages() not returning struct page pointers but rather some
other special type but it would result in a big amount of additional churn
as we'd have to propagate this different type e.g. through the IO path so
that IO completion routines could properly call put_user_pages(). So I'm
not sure it's really worth it.
Honza
--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR
