[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <168485357325.2849279.485978688281828101.stgit@firesoul>
Date: Tue, 23 May 2023 16:52:53 +0200
From: Jesper Dangaard Brouer <brouer@...hat.com>
To: Ilias Apalodimas <ilias.apalodimas@...aro.org>, netdev@...r.kernel.org,
Eric Dumazet <eric.dumazet@...il.com>, linux-mm@...ck.org,
Mel Gorman <mgorman@...hsingularity.net>
Cc: Jesper Dangaard Brouer <brouer@...hat.com>, lorenzo@...nel.org,
Toke Høiland-Jørgensen <toke@...hat.com>,
linyunsheng@...wei.com, bpf@...r.kernel.org,
"David S. Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>, Andrew Morton <akpm@...ux-foundation.org>,
willy@...radead.org
Subject: [PATCH RFC net-next/mm V4 1/2] mm/page_pool: catch page_pool memory
leaks
Pages belonging to a page_pool (PP) instance must be freed through the
PP APIs in-order to correctly release any DMA mappings and release
refcnt on the DMA device when freeing PP instance. When PP release a
page (page_pool_release_page) the page->pp_magic value is cleared.
This patch detect a leaked PP page in free_page_is_bad() via
unexpected state of page->pp_magic value being PP_SIGNATURE.
We choose to report and treat it as a bad page. It would be possible
to release the page via returning it to the PP instance as the
page->pp pointer is likely still valid.
Notice this code is only activated when either compiled with
CONFIG_DEBUG_VM or boot cmdline debug_pagealloc=on, and
CONFIG_PAGE_POOL.
Reduced example output of leak with PP_SIGNATURE = dead000000000040:
BUG: Bad page state in process swapper/0 pfn:110bbf
page:000000005bc8cfb8 refcount:0 mapcount:0 mapping:0000000000000000 index:0x110bbf000 pfn:0x110bbf
flags: 0x2fffff80000000(node=0|zone=2|lastcpupid=0x1fffff)
raw: 002fffff80000000 dead000000000040 ffff888117255000 0000000000000000
raw: 0000000110bbf000 000000000000003e 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
[...]
Signed-off-by: Jesper Dangaard Brouer <brouer@...hat.com>
---
mm/page_alloc.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index 47421bedc12b..e6b996da39d4 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -1085,6 +1085,9 @@ static inline bool page_expected_state(struct page *page,
page_ref_count(page) |
#ifdef CONFIG_MEMCG
page->memcg_data |
+#endif
+#ifdef CONFIG_PAGE_POOL
+ ((page->pp_magic & ~0x3UL) == PP_SIGNATURE) |
#endif
(page->flags & check_flags)))
return false;
@@ -1111,6 +1114,10 @@ static const char *page_bad_reason(struct page *page, unsigned long flags)
#ifdef CONFIG_MEMCG
if (unlikely(page->memcg_data))
bad_reason = "page still charged to cgroup";
+#endif
+#ifdef CONFIG_PAGE_POOL
+ if (unlikely((page->pp_magic & ~0x3UL) == PP_SIGNATURE))
+ bad_reason = "page_pool leak";
#endif
return bad_reason;
}
Powered by blists - more mailing lists