mirror of
https://github.com/torvalds/linux
synced 2024-09-06 18:01:05 +00:00
71562809e4
When __cifs_readv() and __cifs_writev() extract pages from a user-backed
iterator into a BVEC-type iterator, they set ->bv_need_unpin to note
whether they need to unpin the pages later. However, in both cases they
examine the BVEC-type iterator and not the source iterator - and so
bv_need_unpin doesn't get set and the pages are leaked.
I think this may be responsible for the generic/208 xfstest failing
occasionally with:
WARNING: CPU: 0 PID: 3064 at mm/gup.c:218 try_grab_page+0x65/0x100
RIP: 0010:try_grab_page+0x65/0x100
follow_page_pte+0x1a7/0x570
__get_user_pages+0x1a2/0x650
__gup_longterm_locked+0xdc/0xb50
internal_get_user_pages_fast+0x17f/0x310
pin_user_pages_fast+0x46/0x60
iov_iter_extract_pages+0xc9/0x510
? __kmalloc_large_node+0xb1/0x120
? __kmalloc_node+0xbe/0x130
netfs_extract_user_iter+0xbf/0x200 [netfs]
__cifs_writev+0x150/0x330 [cifs]
vfs_write+0x2a8/0x3c0
ksys_pwrite64+0x65/0xa0
with the page refcount going negative. This is less unlikely than it seems
because the page is being pinned, not simply got, and so the refcount
increased by 1024 each time, and so only needs to be called around ~2097152
for the refcount to go negative.
Further, the test program (aio-dio-invalidate-failure) uses a 32MiB static
buffer and all the PTEs covering it refer to the same page because it's
never written to.
The warning in try_grab_page():
if (WARN_ON_ONCE(folio_ref_count(folio) <= 0))
return -ENOMEM;
then trips and prevents us ever using the page again for DIO at least.
Fixes:
|
||
|---|---|---|
| arch | ||
| block | ||
| certs | ||
| crypto | ||
| Documentation | ||
| drivers | ||
| fs | ||
| include | ||
| init | ||
| io_uring | ||
| ipc | ||
| kernel | ||
| lib | ||
| LICENSES | ||
| mm | ||
| net | ||
| rust | ||
| samples | ||
| scripts | ||
| security | ||
| sound | ||
| tools | ||
| usr | ||
| virt | ||
| .clang-format | ||
| .cocciconfig | ||
| .get_maintainer.ignore | ||
| .gitattributes | ||
| .gitignore | ||
| .mailmap | ||
| .rustfmt.toml | ||
| COPYING | ||
| CREDITS | ||
| Kbuild | ||
| Kconfig | ||
| MAINTAINERS | ||
| Makefile | ||
| README | ||
Linux kernel
============
There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.
In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``. The formatted documentation can also be read online at:
https://www.kernel.org/doc/html/latest/
There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.