From: Roland Dreier <rdreier@cisco.com>
To: Dave Olson <olson@unixfolk.com>
Cc: linux-kernel@vger.kernel.org, openib-general@openib.org
Subject: Re: [openib-general] Re: [PATCH 35 of 53] ipath - some interrelated stability and cleanliness fixes
Date: Wed, 17 May 2006 21:55:21 -0700 [thread overview]
Message-ID: <adaac9g3pae.fsf@cisco.com> (raw)
In-Reply-To: <Pine.LNX.4.61.0605172113480.23165@osa.unixfolk.com> (Dave Olson's message of "Wed, 17 May 2006 21:13:59 -0700 (PDT)")
Dave> We did discover one possible problem today, which is shared
Dave> between our device code and the core openib code, and that's
Dave> doing some memory freeing and accounting from a work thread
Dave> (updating mm->locked_vm and cleaning up from earlier
Dave> get_user_pages); the code in our driver was copied from the
Dave> openib core code, it's not literally shared.
Dave> I have a strong suspicion that at least sometimes, it's
Dave> executing after the current->mm has gone away. I'm looking
Dave> at that more right now.
It doesn't seem likely to me. In uverbs_mem.c,
ib_umem_release_on_close() does get_task_mm() and gives up if it can't
take a reference to the task's mm. The mmput() doesn't happen until
ib_umem_account() runs in the work thread.
I do see obvious bugs in ipath_user_pages.c, though. In
ipath_release_user_pages_on_close(), you have:
mm = get_task_mm(current);
if (!mm)
goto bail;
work = kmalloc(sizeof(*work), GFP_KERNEL);
if (!work)
goto bail_mm;
goto bail;
INIT_WORK(&work->work, user_pages_account, work);
work->mm = mm;
work->num_pages = num_pages;
bail_mm:
mmput(mm);
bail:
return;
So with the "goto bail" you skip the code which does something with
the work you allocate, which means that you leak not only the work
structure but also the reference to the task's mm that you took.
Even without the "goto bail" the code still wouldn't actually schedule
the work, so the work structure would be leaked, although you would do
mmput().
I'm not sure what you were trying to do here.c
- R.
next prev parent reply other threads:[~2006-05-18 4:55 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <fa.2ho1QSA8Kf7L8EFqp3rLsB7NE9s@ifi.uio.no>
[not found] ` <fa.yXZlqXBzNi9Gq/4Q6Wc9H6bw+lU@ifi.uio.no>
2006-05-17 16:47 ` [PATCH 35 of 53] ipath - some interrelated stability and cleanliness fixes Dave Olson
2006-05-17 18:08 ` [openib-general] " Roland Dreier
2006-05-18 4:13 ` Dave Olson
2006-05-18 4:55 ` Roland Dreier [this message]
2006-05-18 5:15 ` Bryan O'Sullivan
2006-05-18 5:17 ` Roland Dreier
2006-05-18 7:04 ` Dave Olson
2006-05-18 5:26 ` Dave Olson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=adaac9g3pae.fsf@cisco.com \
--to=rdreier@cisco.com \
--cc=linux-kernel@vger.kernel.org \
--cc=olson@unixfolk.com \
--cc=openib-general@openib.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.