This issue was discovered by Jan Stancek as described in
https://lkml.kernel.org/r/57FF7BB4.1070202@xxxxxxxxxx

Error paths in hugetlb_cow() and hugetlb_no_page() do not properly clean up reservation entries when freeing a newly allocated huge page. This issue was introduced with commit 67961f9db8c4 ("mm/hugetlb: fix huge page reserve accounting for private mappings"). That commit uses the information in private mapping reserve maps to determine if a reservation was already consumed. This is important in the case of hole punch and truncate as the pages are released, but reservation entries are not restored.

This patch restores the reserve entries in hugetlb_cow and hugetlb_no_page such that reserve entries are consistent with the global reservation count.

The huge page reservation code is quite hard to follow, and this patch makes it even more complex. One thought I had was to change the way hole punch and truncate work so that private mapping pages are not thrown away. This would eliminate the need for this patch as well as 67961f9db8c4. It would change the existing semantics (as seen by the user) in this area, but I believe the documentation (man pages) says the behavior is unspecified. This could be a future change as well as rewriting the existing reservation code to make it easier to understand/maintain. Thoughts?

In any case, this patch addresses the immediate issue.

Mike Kravetz (1):
  mm/hugetlb: fix huge page reservation leak in private mapping error paths

 mm/hugetlb.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)

--
2.7.4