| Message ID | 20200920163005.97079-1-tianjia.zhang@linux.alibaba.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | mm/shmem.c: Fix the missing unaccount on the failed path | expand |
On Mon, 21 Sep 2020, Tianjia Zhang wrote: > In function __shmem_file_setup(), shmem_unacct_size() is forgotten > on the failed path, so add it. > > Fixes: 93dec2da7b234 ("... and switch shmem_file_setup() to alloc_file_pseudo()") > Cc: Al Viro <viro@zeniv.linux.org.uk> > Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> > --- > mm/shmem.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/mm/shmem.c b/mm/shmem.c > index 8e2b35ba93ad..591410dc3541 100644 > --- a/mm/shmem.c > +++ b/mm/shmem.c > @@ -4200,8 +4200,10 @@ static struct file *__shmem_file_setup(struct vfsmount *mnt, const char *name, l > if (!IS_ERR(res)) > res = alloc_file_pseudo(inode, mnt, name, O_RDWR, > &shmem_file_operations); > - if (IS_ERR(res)) > + if (IS_ERR(res)) { > iput(inode); > + shmem_unacct_size(flags, size); > + } > return res; > } > > -- > 2.19.1.3.ge56e4f7 Looks mistaken to me. Is this something you noticed by source inspection, or something you have observed in practice? I haven't tried exercising this path while injecting errors into alloc_file_pseudo(); but what I'd expect to happen is that the iput(inode), which you see already on that error path, will get to evict the inode, which will entail calling shmem_evict_inode(), which does that shmem_unacct_size() itself. Hugh
On 9/21/20 2:49 AM, Hugh Dickins wrote: > On Mon, 21 Sep 2020, Tianjia Zhang wrote: > >> In function __shmem_file_setup(), shmem_unacct_size() is forgotten >> on the failed path, so add it. >> >> Fixes: 93dec2da7b234 ("... and switch shmem_file_setup() to alloc_file_pseudo()") >> Cc: Al Viro <viro@zeniv.linux.org.uk> >> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> >> --- >> mm/shmem.c | 4 +++- >> 1 file changed, 3 insertions(+), 1 deletion(-) >> >> diff --git a/mm/shmem.c b/mm/shmem.c >> index 8e2b35ba93ad..591410dc3541 100644 >> --- a/mm/shmem.c >> +++ b/mm/shmem.c >> @@ -4200,8 +4200,10 @@ static struct file *__shmem_file_setup(struct vfsmount *mnt, const char *name, l >> if (!IS_ERR(res)) >> res = alloc_file_pseudo(inode, mnt, name, O_RDWR, >> &shmem_file_operations); >> - if (IS_ERR(res)) >> + if (IS_ERR(res)) { >> iput(inode); >> + shmem_unacct_size(flags, size); >> + } >> return res; >> } >> >> -- >> 2.19.1.3.ge56e4f7 > > Looks mistaken to me. > > Is this something you noticed by source inspection, > or something you have observed in practice? > > I haven't tried exercising this path while injecting errors into > alloc_file_pseudo(); but what I'd expect to happen is that the > iput(inode), which you see already on that error path, will get > to evict the inode, which will entail calling shmem_evict_inode(), > which does that shmem_unacct_size() itself. > > Hugh > I noticed by looking at the code. you are right, I neglected this point, thanks for your explanation. Thanks, Tianjia
diff --git a/mm/shmem.c b/mm/shmem.c index 8e2b35ba93ad..591410dc3541 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -4200,8 +4200,10 @@ static struct file *__shmem_file_setup(struct vfsmount *mnt, const char *name, l if (!IS_ERR(res)) res = alloc_file_pseudo(inode, mnt, name, O_RDWR, &shmem_file_operations); - if (IS_ERR(res)) + if (IS_ERR(res)) { iput(inode); + shmem_unacct_size(flags, size); + } return res; }
In function __shmem_file_setup(), shmem_unacct_size() is forgotten on the failed path, so add it. Fixes: 93dec2da7b234 ("... and switch shmem_file_setup() to alloc_file_pseudo()") Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> --- mm/shmem.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)