put_page on transparent huge page leaks?
From: Jay Cornwall
Date: Fri Feb 21 2014 - 12:33:19 EST
Hi,
I'm tracking a possible memory leak in iommu/amd. The driver uses this
logic to fault a page in response to a PRI from a device:
npages = get_user_pages(fault->state->task, fault->state->mm,
fault->address, 1, write, 0, &page, NULL);
if (npages == 1)
put_page(page);
else
...
This works correctly when get_user_pages returns a 4KB page. When
transparent huge pages are enabled any 2MB page returned by this call
appears to leak on process exit. The non-cached memory usage stays
elevated by the set of faulted 2MB pages. This behavior is not observed
when the exception handler demand faults 2MB pages.
I notice there is a difference in reference count between the 4KB/2MB
paths.
get_user_pages (4KB): page_count()=3, page_mapcount()=1
put_page (4KB): page_count()=2, page_mapcount()=1
get_user_pages (2MB): page_count()=3, page_mapcount()=1
put_page (2MB): page_count()=3, page_mapcount()=0
I'm concerned that the driver appears to be holding a reference count
after put_page(). Am I interpreting this observation correctly?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/