On Fri, 7 Feb 2014 13:19:54 -0200
Rafael Aquini <aquini@xxxxxxxxxx> wrote:
> Changes committed by "a0b8cab3 mm: remove lru parameter from
> __pagevec_lru_add and remove parts of pagevec API" have introduced
> a call to add_to_page_cache_lru() which causes a leak in nfs_symlink()
> as now the page gets an extra refcount that is not dropped.
>
> Jan Stancek observed and reported the leak effect while running test8 from
> Connectathon Testsuite. After several iterations over the test case,
> which creates several symlinks on a NFS mountpoint, the test system was
> quickly getting into an out-of-memory scenario.
>
> This patch fixes the page leak by dropping that extra refcount
> add_to_page_cache_lru() is grabbing.
>
> Signed-off-by: Jan Stancek <jstancek@xxxxxxxxxx>
> Signed-off-by: Rafael Aquini <aquini@xxxxxxxxxx>
> ---
> fs/nfs/dir.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
> index be38b57..4a48fe4 100644
> --- a/fs/nfs/dir.c
> +++ b/fs/nfs/dir.c
> @@ -1846,6 +1846,11 @@ int nfs_symlink(struct inode *dir, struct dentry *dentry, const char *symname)
> GFP_KERNEL)) {
> SetPageUptodate(page);
> unlock_page(page);
> + /*
> + * add_to_page_cache_lru() grabs an extra page refcount.
> + * Drop it here to avoid leaking this page later.
> + */
> + page_cache_release(page);
> } else
> __free_page(page);
>
Looks reasonable as an interim fix and should almost certainly go to
stable.
Longer term, I think it would be best from an API standpoint to fix
add_to_page_cache_lru not to take this extra reference (or to have it
drop it itself) and fix up the callers accordingly. That seems like a
trap for the unwary...
--
Jeff Layton <jlayton@xxxxxxxxxx>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>