From patchwork Tue Oct 19 15:27:28 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Righi X-Patchwork-Id: 1543420 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=tCPFs3v9; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4HYd0b1vLSz9sR4 for ; Wed, 20 Oct 2021 02:27:43 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1mcr1d-0000he-Vy; Tue, 19 Oct 2021 15:27:37 +0000 Received: from smtp-relay-internal-1.internal ([10.131.114.114] helo=smtp-relay-internal-1.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1mcr1a-0000fk-Gi for kernel-team@lists.ubuntu.com; Tue, 19 Oct 2021 15:27:34 +0000 Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com [209.85.208.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 2FD643FFF7 for ; Tue, 19 Oct 2021 15:27:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1634657254; bh=ijlmU5eGUrDCT6wN4OHKUKL5zgKAmDJx8UFZJPzRFJY=; h=From:To:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=tCPFs3v9XYDAdbw1uYBplfg2IGyQBTaCVo5lJhxlFFczIbCfCJvD6IMOI5+cbQwwv syD3+K3Q5S0W0D/FZ0LAyctH4YfCB7HZDl+R0hJ5owVYRQ20APERSuOITGwsXTIqY8 cYVIBw6ahPs8P9BShRr6tWxLW9s1V1sNIlYMwtG6x6SINTfse4jQO+8/2JNtRe+AE/ YmvMiL4KAilEMhaB6KoH+oKBNH8DQt5vk/pRxbmewzChA4ydqTfijNumTEQRKUf8Ln 8vwIxdYrvJSTqUdvCTWM8mFysrMcY6BST/AjhatEDr9UtV87ej5wUfT8vxQCGx4ERA xonuzRvHxvKqA== Received: by mail-ed1-f69.google.com with SMTP id v2-20020a50f082000000b003db24e28d59so17938815edl.5 for ; Tue, 19 Oct 2021 08:27:34 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ijlmU5eGUrDCT6wN4OHKUKL5zgKAmDJx8UFZJPzRFJY=; b=k9PgKXBYUhE2BuOiKNnzF7M6sPgaZLjbZwlewrf5Vk00ODewyZCdIzE44udaC/jLQD 7W+2safBPE6GuhMedYk+X3lKm1g0+/WClFHL/tMvXf3lwzXDS921pQzHDyG//AWa6WtK /6TmBWgxxh9eOado8S1vA+kLhiMCoBRvNl7op3uU7a8F0FThbjQ7drQsBpzF0ULcG7V6 JH62Ag7sJWqJcvw1FjWITszxZpDAgCl0dP+WHwzgetBvlMi2wMmQcmIoCeT8mv2vwA0Y HlnYfHBlbTqz+FA5jy9qhafxhd2Jk2HJhYmVuhKDKROxHCU4Atk7Fq0W2bUxz2NK2hvU EIqQ== X-Gm-Message-State: AOAM531FoR9bVDry6hPoQjKw/chiYKWyH25ZGLbUHZnmLA/mYcM8LrVR 9y8y5OA+M78avEzoGD3qSMaZYkm1amlz1KHJ/avCJe37tMv8FnaZJUuuV+1YGwGhmJUl1XUZdgV /Yvi9KV04DuvUBxoRggW2g3BHUh8ppYahpXzEY4pr4A== X-Received: by 2002:a17:906:9414:: with SMTP id q20mr39893056ejx.241.1634657253823; Tue, 19 Oct 2021 08:27:33 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxn+M3KLmDgUft2TuSCBDL3GTUUmqjr3GRpw/vA3MWuEv/FVjXiWNyN+eLjpLX3udUqMsOWbA== X-Received: by 2002:a17:906:9414:: with SMTP id q20mr39893031ejx.241.1634657253537; Tue, 19 Oct 2021 08:27:33 -0700 (PDT) Received: from arighi-desktop.homenet.telecomitalia.it ([2001:67c:1560:8007::aac:c1b6]) by smtp.gmail.com with ESMTPSA id z19sm10337732ejw.44.2021.10.19.08.27.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Oct 2021 08:27:33 -0700 (PDT) From: Andrea Righi To: kernel-team@lists.ubuntu.com Subject: [SRU][B][PATCH 2/2] cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active Date: Tue, 19 Oct 2021 17:27:28 +0200 Message-Id: <20211019152728.64481-3-andrea.righi@canonical.com> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20211019152728.64481-1-andrea.righi@canonical.com> References: <20211019152728.64481-1-andrea.righi@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Kiran Kumar Modukuri BugLink: https://bugs.launchpad.net/bugs/1947709 [Description] In a heavily loaded system where the system pagecache is nearing memory limits and fscache is enabled, pages can be leaked by fscache while trying read pages from cachefiles backend. This can happen because two applications can be reading same page from a single mount, two threads can be trying to read the backing page at same time. This results in one of the threads finding that a page for the backing file or netfs file is already in the radix tree. During the error handling cachefiles does not clean up the reference on backing page, leading to page leak. [Fix] The fix is straightforward, to decrement the reference when error is encountered. [dhowells: Note that I've removed the clearance and put of newpage as they aren't attested in the commit message and don't appear to actually achieve anything since a new page is only allocated is newpage!=NULL and any residual new page is cleared before returning.] [Testing] I have tested the fix using following method for 12+ hrs. 1) mkdir -p /mnt/nfs ; mount -o vers=3,fsc :/export /mnt/nfs 2) create 10000 files of 2.8MB in a NFS mount. 3) start a thread to simulate heavy VM presssure (while true ; do echo 3 > /proc/sys/vm/drop_caches ; sleep 1 ; done)& 4) start multiple parallel reader for data set at same time find /mnt/nfs -type f | xargs -P 80 cat > /dev/null & find /mnt/nfs -type f | xargs -P 80 cat > /dev/null & find /mnt/nfs -type f | xargs -P 80 cat > /dev/null & .. .. find /mnt/nfs -type f | xargs -P 80 cat > /dev/null & find /mnt/nfs -type f | xargs -P 80 cat > /dev/null & 5) finally check using cat /proc/fs/fscache/stats | grep -i pages ; free -h , cat /proc/meminfo and page-types -r -b lru to ensure all pages are freed. Reviewed-by: Daniel Axtens Signed-off-by: Shantanu Goel Signed-off-by: Kiran Kumar Modukuri [dja: forward ported to current upstream] Signed-off-by: Daniel Axtens Signed-off-by: David Howells (cherry picked from commit 9a24ce5b66f9c8190d63b15f4473600db4935f1f) Signed-off-by: Andrea Righi --- fs/cachefiles/rdwr.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/cachefiles/rdwr.c b/fs/cachefiles/rdwr.c index 01efc649c53de..dd33310ed2e3e 100644 --- a/fs/cachefiles/rdwr.c +++ b/fs/cachefiles/rdwr.c @@ -536,7 +536,10 @@ static int cachefiles_read_backing_file(struct cachefiles_object *object, netpage->index, cachefiles_gfp); if (ret < 0) { if (ret == -EEXIST) { + put_page(backpage); + backpage = NULL; put_page(netpage); + netpage = NULL; fscache_retrieval_complete(op, 1); continue; } @@ -609,7 +612,10 @@ static int cachefiles_read_backing_file(struct cachefiles_object *object, netpage->index, cachefiles_gfp); if (ret < 0) { if (ret == -EEXIST) { + put_page(backpage); + backpage = NULL; put_page(netpage); + netpage = NULL; fscache_retrieval_complete(op, 1); continue; }