On Mon, 21 Sep 2020, Tianjia Zhang wrote:
> In function __shmem_file_setup(), shmem_unacct_size() is forgotten
> on the failed path, so add it.
>
> Fixes: 93dec2da7b234 ("... and switch shmem_file_setup() to alloc_file_pseudo()")
> Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> Signed-off-by: Tianjia Zhang <tianjia.zhang@xxxxxxxxxxxxxxxxx>
> ---
> mm/shmem.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/mm/shmem.c b/mm/shmem.c
> index 8e2b35ba93ad..591410dc3541 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -4200,8 +4200,10 @@ static struct file *__shmem_file_setup(struct vfsmount *mnt, const char *name, l
> if (!IS_ERR(res))
> res = alloc_file_pseudo(inode, mnt, name, O_RDWR,
> &shmem_file_operations);
> - if (IS_ERR(res))
> + if (IS_ERR(res)) {
> iput(inode);
> + shmem_unacct_size(flags, size);
> + }
> return res;
> }
>
> --
> 2.19.1.3.ge56e4f7
Looks mistaken to me.
Is this something you noticed by source inspection,
or something you have observed in practice?
I haven't tried exercising this path while injecting errors into
alloc_file_pseudo(); but what I'd expect to happen is that the
iput(inode), which you see already on that error path, will get
to evict the inode, which will entail calling shmem_evict_inode(),
which does that shmem_unacct_size() itself.
Hugh
