mm: gup: fix potential pgmap refcnt leak in __gup_device_huge()
When failed to try_grab_page, put_dev_pagemap() is missed. So pgmap
refcnt will leak in this case. Also we remove the check for pgmap against
NULL as it's also checked inside the put_dev_pagemap().
[akpm@linux-foundation.org: simplify, cleanup]
[akpm@linux-foundation.org: fix return value]
Link: https://lkml.kernel.org/r/20210807093620.21347-5-linmiaohe@huawei.com
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Fixes: 3faa52c03f
("mm/gup: track FOLL_PIN pages")
Reviewed-by: John Hubbard <jhubbard@nvidia.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Родитель
06a9e69663
Коммит
6401c4eb57
10
mm/gup.c
10
mm/gup.c
|
@ -2240,6 +2240,7 @@ static int __gup_device_huge(unsigned long pfn, unsigned long addr,
|
||||||
{
|
{
|
||||||
int nr_start = *nr;
|
int nr_start = *nr;
|
||||||
struct dev_pagemap *pgmap = NULL;
|
struct dev_pagemap *pgmap = NULL;
|
||||||
|
int ret = 1;
|
||||||
|
|
||||||
do {
|
do {
|
||||||
struct page *page = pfn_to_page(pfn);
|
struct page *page = pfn_to_page(pfn);
|
||||||
|
@ -2247,21 +2248,22 @@ static int __gup_device_huge(unsigned long pfn, unsigned long addr,
|
||||||
pgmap = get_dev_pagemap(pfn, pgmap);
|
pgmap = get_dev_pagemap(pfn, pgmap);
|
||||||
if (unlikely(!pgmap)) {
|
if (unlikely(!pgmap)) {
|
||||||
undo_dev_pagemap(nr, nr_start, flags, pages);
|
undo_dev_pagemap(nr, nr_start, flags, pages);
|
||||||
return 0;
|
ret = 0;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
SetPageReferenced(page);
|
SetPageReferenced(page);
|
||||||
pages[*nr] = page;
|
pages[*nr] = page;
|
||||||
if (unlikely(!try_grab_page(page, flags))) {
|
if (unlikely(!try_grab_page(page, flags))) {
|
||||||
undo_dev_pagemap(nr, nr_start, flags, pages);
|
undo_dev_pagemap(nr, nr_start, flags, pages);
|
||||||
return 0;
|
ret = 0;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
(*nr)++;
|
(*nr)++;
|
||||||
pfn++;
|
pfn++;
|
||||||
} while (addr += PAGE_SIZE, addr != end);
|
} while (addr += PAGE_SIZE, addr != end);
|
||||||
|
|
||||||
if (pgmap)
|
|
||||||
put_dev_pagemap(pgmap);
|
put_dev_pagemap(pgmap);
|
||||||
return 1;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int __gup_device_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr,
|
static int __gup_device_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr,
|
||||||
|
|
Загрузка…
Ссылка в новой задаче