put_page on transparent huge page leaks?

From: Jay Cornwall
Date: Fri Feb 21 2014 - 12:33:19 EST


Hi,

I'm tracking a possible memory leak in iommu/amd. The driver uses this logic to fault a page in response to a PRI from a device:

npages = get_user_pages(fault->state->task, fault->state->mm,
fault->address, 1, write, 0, &page, NULL);

if (npages == 1)
put_page(page);
else
...

This works correctly when get_user_pages returns a 4KB page. When transparent huge pages are enabled any 2MB page returned by this call appears to leak on process exit. The non-cached memory usage stays elevated by the set of faulted 2MB pages. This behavior is not observed when the exception handler demand faults 2MB pages.

I notice there is a difference in reference count between the 4KB/2MB paths.

get_user_pages (4KB): page_count()=3, page_mapcount()=1
put_page (4KB): page_count()=2, page_mapcount()=1

get_user_pages (2MB): page_count()=3, page_mapcount()=1
put_page (2MB): page_count()=3, page_mapcount()=0

I'm concerned that the driver appears to be holding a reference count after put_page(). Am I interpreting this observation correctly?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/