[v3] Hugetlb pages should not be reserved by shmat() if SHM_NORESERVE

Message ID 1706040282-12388-1-git-send-email-prakash.sangappa@oracle.com (mailing list archive)
State New

Commit Message

Prakash Sangappa Jan. 23, 2024, 8:04 p.m. UTC
For shared memory of type SHM_HUGETLB, hugetlb pages are reserved in
shmget() call. If SHM_NORESERVE flag is specified then the hugetlb
pages are not reserved. However when the shared memory is attached
with the shmat() call the hugetlb pages are getting reserved incorrectly
for SHM_HUGETLB shared memory created with SHM_NORESERVE which is a bug.

-------------------------------
Following test shows the issue.

$cat shmhtb.c

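#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/ipc.h>
#include <sys/shm.h>

/* SKEY (shm key) and SHMSZ (segment size) are not defined in the posted excerpt */

int main()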
{
	int shmflags = 0660 | IPC_CREAT | SHM_HUGETLB | SHM_NORESERVE;
	int shmid;

	shmid = shmget(SKEY, SHMSZ, shmflags);
	if (shmid < 0)
	{
		printf("shmat: shmget() failed, %d\n", errno);
		return 1;
	}
	printf("After shmget()\n");
	system("cat /proc/meminfo | grep -i hugepages_");

	shmat(shmid, NULL, 0);
	printf("\nAfter shmat()\n");
	system("cat /proc/meminfo | grep -i hugepages_");

	shmctl(shmid, IPC_RMID, NULL);
	return 0;
}

 #sysctl -w vm.nr_hugepages=20
 #./shmhtb

After shmget()
HugePages_Total:      20
HugePages_Free:       20
HugePages_Rsvd:        0
HugePages_Surp:        0

After shmat()
HugePages_Total:      20
HugePages_Free:       20
HugePages_Rsvd:        5 <--
HugePages_Surp:        0
--------------------------------

Fix is to ensure that hugetlb pages are not reserved for SHM_HUGETLB shared
memory in the shmat() call.

Signed-off-by: Prakash Sangappa <prakash.sangappa@oracle.com>
---
v2: Modified fix to call hugetlb_reserve_pages() with VM_NORESERVE instead
    as per vma lock is allocated in hugetlb_reserve_pages().
v3: Updated change log to describe user visible effect of the bug with
    a test case, as suggested by Andrew Morton.

 fs/hugetlbfs/inode.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
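
A self-checking variant of the test in the commit message, as an added example (not part of the posting or the kernel tree): it parses HugePages_Rsvd instead of printing it, so the shmat() behaviour can be asserted. The use of IPC_PRIVATE, the 5 x 2 MiB segment size and all function names are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#ifndef SHM_HUGETLB	/* fallbacks (Linux values) in case the libc headers hide them */
#define SHM_HUGETLB 04000
#define SHM_NORESERVE 010000
#endif

/* HugePages_Rsvd from a /proc/meminfo-style buffer, or -1 if absent. */
long rsvd_from_meminfo(const char *text)
{
	const char *p = strstr(text, "HugePages_Rsvd:");
	long v;
	return (p && sscanf(p, "HugePages_Rsvd: %ld", &v) == 1) ? v : -1;
}

/* Current HugePages_Rsvd read from /proc/meminfo, or -1 on error. */
long read_rsvd(void)
{
	char buf[8192];
	FILE *f = fopen("/proc/meminfo", "r");
	if (!f)
		return -1;
	buf[fread(buf, 1, sizeof(buf) - 1, f)] = '\0';
	fclose(f);
	return rsvd_from_meminfo(buf);
}

/* 0: attach reserved nothing, 1: HugePages_Rsvd changed, -1: setup error. */
int noreserve_attach_check(size_t size)
{
	int id = shmget(IPC_PRIVATE, size, 0660 | IPC_CREAT | SHM_HUGETLB | SHM_NORESERVE);
	long before, after;
	void *addr;
	if (id < 0)
		return -1;
	before = read_rsvd();
	addr = shmat(id, NULL, 0);
	after = read_rsvd();	/* sampled while the segment is still attached */
	if (addr != (void *)-1)
		shmdt(addr);
	shmctl(id, IPC_RMID, NULL);
	return (addr == (void *)-1 || before < 0 || after < 0) ? -1 : after != before;
}

int main(void)
{
	int r = noreserve_attach_check(5UL << 21); /* assumed: 5 huge pages of 2 MiB */
	puts(r == 0 ? "OK: shmat() reserved nothing" : r == 1 ? "BUG: HugePages_Rsvd changed" : "setup failed");
	return r != 0;
}
```

HugePages_Rsvd is a system-wide counter, so run the check on an otherwise idle huge page pool.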

Comments

Muchun Song Jan. 24, 2024, 7:03 a.m. UTC | #1
On 2024/1/24 04:04, Prakash Sangappa wrote:
> For shared memory of type SHM_HUGETLB, hugetlb pages are reserved in
> shmget() call. If SHM_NORESERVE flag is specified then the hugetlb
> pages are not reserved. However when the shared memory is attached
> with the shmat() call the hugetlb pages are getting reserved incorrectly
> for SHM_HUGETLB shared memory created with SHM_NORESERVE which is a bug.
>
> -------------------------------
> Following test shows the issue.
>
> $cat shmhtb.c
>
> int main()
> {
> 	int shmflags = 0660 | IPC_CREAT | SHM_HUGETLB | SHM_NORESERVE;
> 	int shmid;
>
> 	shmid = shmget(SKEY, SHMSZ, shmflags);
> 	if (shmid < 0)
> 	{
> 		printf("shmat: shmget() failed, %d\n", errno);
> 		return 1;
> 	}
> 	printf("After shmget()\n");
> 	system("cat /proc/meminfo | grep -i hugepages_");
>
> 	shmat(shmid, NULL, 0);
> 	printf("\nAfter shmat()\n");
> 	system("cat /proc/meminfo | grep -i hugepages_");
>
> 	shmctl(shmid, IPC_RMID, NULL);
> 	return 0;
> }
>
>   #sysctl -w vm.nr_hugepages=20
>   #./shmhtb
>
> After shmget()
> HugePages_Total:      20
> HugePages_Free:       20
> HugePages_Rsvd:        0
> HugePages_Surp:        0
>
> After shmat()
> HugePages_Total:      20
> HugePages_Free:       20
> HugePages_Rsvd:        5 <--
> HugePages_Surp:        0
> --------------------------------
>
> Fix is to ensure that hugetlb pages are not reserved for SHM_HUGETLB shared
> memory in the shmat() call.
> Signed-off-by: Prakash Sangappa <prakash.sangappa@oracle.com>

BTW, it is better to add a Fixes tag to specify which commit
this commit aims to fix.

Acked-by: Muchun Song <muchun.song@linux.dev>

Thanks.
Andrew Morton Feb. 8, 2024, 2:01 a.m. UTC | #2
On Wed, 24 Jan 2024 15:03:15 +0800 Muchun Song <muchun.song@linux.dev> wrote:

> > Fix is to ensure that hugetlb pages are not reserved for SHM_HUGETLB shared
> > memory in the shmat() call.
> > Signed-off-by: Prakash Sangappa <prakash.sangappa@oracle.com>
> 
> BTW, it is better to add a Fixes tag to specify which commit
> this commit aims to fix.

s/better/essential/

However this issue appears to pass the "been there forever" test, so
I'll send it to Linus as-is.

Patch

diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
index f757d4f..40b12b0 100644
--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
@@ -100,6 +100,7 @@  static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma)
 	loff_t len, vma_len;
 	int ret;
 	struct hstate *h = hstate_file(file);
+	vm_flags_t vm_flags;
 
 	/*
 	 * vma address alignment (but not the pgoff alignment) has
@@ -141,10 +142,20 @@  static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma)
 	file_accessed(file);
 
 	ret = -ENOMEM;
+
+	vm_flags = vma->vm_flags;
+	/*
+	 * for SHM_HUGETLB, the pages are reserved in the shmget() call so skip
+	 * reserving here. Note: only for SHM hugetlbfs file, the inode
+	 * flag S_PRIVATE is set.
+	 */
+	if (inode->i_flags & S_PRIVATE)
+		vm_flags |= VM_NORESERVE;
+
 	if (!hugetlb_reserve_pages(inode,
 				vma->vm_pgoff >> huge_page_order(h),
 				len >> huge_page_shift(h), vma,
-				vma->vm_flags))
+				vm_flags))
 		goto out;
 
 	ret = 0;
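
Review bot: The new comment above the `inode->i_flags & S_PRIVATE` check says the pages "are reserved in the shmget() call", but the case this patch fixes is SHM_NORESERVE, where shmget() reserved nothing. Reword it to say that the reserve-or-not decision was already made at shmget() time, so the attach path must not reserve in either case. The comment should also record why hugetlb_reserve_pages() is still called with VM_NORESERVE rather than skipped; the v2 changelog gives the reason (the vma lock is allocated there), but nothing in the code does. Since S_PRIVATE identifies SHM files only through the invariant stated in that comment, a small named helper for the test would keep the assumption in one place. Style: the comment starts with a lowercase "for", and the added blank line after `ret = -ENOMEM;` can be dropped.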