| Message ID | 1357723959-5416-5-git-send-email-tangchen@cn.fujitsu.com (mailing list archive) |
|---|---|
| State | Awaiting Upstream |
| Headers | show |
On Wed, 9 Jan 2013 17:32:28 +0800 Tang Chen <tangchen@cn.fujitsu.com> wrote: > When (hot)adding memory into system, /sys/firmware/memmap/X/{end, start, type} > sysfs files are created. But there is no code to remove these files. The patch > implements the function to remove them. > > Note: The code does not free firmware_map_entry which is allocated by bootmem. > So the patch makes memory leak. But I think the memory leak size is > very samll. And it does not affect the system. Well that's bad. Can we remember the address of that memory and then reuse the storage if/when the memory is re-added? That at least puts an upper bound on the leak. -- To unsubscribe from this list: send the line "unsubscribe linux-sh" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Wed, 9 Jan 2013 17:32:28 +0800 Tang Chen <tangchen@cn.fujitsu.com> wrote: > From: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com> > > When (hot)adding memory into system, /sys/firmware/memmap/X/{end, start, type} > sysfs files are created. But there is no code to remove these files. The patch > implements the function to remove them. > > Note: The code does not free firmware_map_entry which is allocated by bootmem. > So the patch makes memory leak. But I think the memory leak size is > very samll. And it does not affect the system. > > ... > > +static struct firmware_map_entry * __meminit > +firmware_map_find_entry(u64 start, u64 end, const char *type) > +{ > + struct firmware_map_entry *entry; > + > + spin_lock(&map_entries_lock); > + list_for_each_entry(entry, &map_entries, list) > + if ((entry->start == start) && (entry->end == end) && > + (!strcmp(entry->type, type))) { > + spin_unlock(&map_entries_lock); > + return entry; > + } > + > + spin_unlock(&map_entries_lock); > + return NULL; > +} > > ... > > + entry = firmware_map_find_entry(start, end - 1, type); > + if (!entry) > + return -EINVAL; > + > + firmware_map_remove_entry(entry); > > ... > The above code looks racy. After firmware_map_find_entry() does the spin_unlock() there is nothing to prevent a concurrent firmware_map_remove_entry() from removing the entry, so the kernel ends up calling firmware_map_remove_entry() twice against the same entry. An easy fix for this is to hold the spinlock across the entire lookup/remove operation. This problem is inherent to firmware_map_find_entry() as you have implemented it, so this function simply should not exist in the current form - no caller can use it without being buggy! A simple fix for this is to remove the spin_lock()/spin_unlock() from firmware_map_find_entry() and add locking documentation to firmware_map_find_entry(), explaining that the caller must hold map_entries_lock and must not release that lock until processing of firmware_map_find_entry()'s return value has completed. -- To unsubscribe from this list: send the line "unsubscribe linux-sh" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi Andrew, On 01/10/2013 06:49 AM, Andrew Morton wrote: > On Wed, 9 Jan 2013 17:32:28 +0800 > Tang Chen<tangchen@cn.fujitsu.com> wrote: > >> When (hot)adding memory into system, /sys/firmware/memmap/X/{end, start, type} >> sysfs files are created. But there is no code to remove these files. The patch >> implements the function to remove them. >> >> Note: The code does not free firmware_map_entry which is allocated by bootmem. >> So the patch makes memory leak. But I think the memory leak size is >> very samll. And it does not affect the system. > > Well that's bad. Can we remember the address of that memory and then > reuse the storage if/when the memory is re-added? That at least puts an upper > bound on the leak. I think we can do this. I'll post a new patch to do so. Thanks. :) > > -- To unsubscribe from this list: send the line "unsubscribe linux-sh" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi Andrew, On 01/10/2013 07:19 AM, Andrew Morton wrote: >> ... >> >> + entry = firmware_map_find_entry(start, end - 1, type); >> + if (!entry) >> + return -EINVAL; >> + >> + firmware_map_remove_entry(entry); >> >> ... >> > > The above code looks racy. After firmware_map_find_entry() does the > spin_unlock() there is nothing to prevent a concurrent > firmware_map_remove_entry() from removing the entry, so the kernel ends > up calling firmware_map_remove_entry() twice against the same entry. > > An easy fix for this is to hold the spinlock across the entire > lookup/remove operation. > > > This problem is inherent to firmware_map_find_entry() as you have > implemented it, so this function simply should not exist in the current > form - no caller can use it without being buggy! A simple fix for this > is to remove the spin_lock()/spin_unlock() from > firmware_map_find_entry() and add locking documentation to > firmware_map_find_entry(), explaining that the caller must hold > map_entries_lock and must not release that lock until processing of > firmware_map_find_entry()'s return value has completed. Thank you for your advice, I'll fix it soon. Since you have merged the patch-set, do I need to resend all these patches again, or just send a patch to fix it based on the current one ? Thanks. :) > -- To unsubscribe from this list: send the line "unsubscribe linux-sh" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/firmware/memmap.c b/drivers/firmware/memmap.c index 90723e6..4211da5 100644 --- a/drivers/firmware/memmap.c +++ b/drivers/firmware/memmap.c @@ -21,6 +21,7 @@ #include <linux/types.h> #include <linux/bootmem.h> #include <linux/slab.h> +#include <linux/mm.h> /* * Data types ------------------------------------------------------------------ @@ -79,7 +80,26 @@ static const struct sysfs_ops memmap_attr_ops = { .show = memmap_attr_show, }; + +static inline struct firmware_map_entry * +to_memmap_entry(struct kobject *kobj) +{ + return container_of(kobj, struct firmware_map_entry, kobj); +} + +static void release_firmware_map_entry(struct kobject *kobj) +{ + struct firmware_map_entry *entry = to_memmap_entry(kobj); + + if (PageReserved(virt_to_page(entry))) + /* There is no way to free memory allocated from bootmem */ + return; + + kfree(entry); +} + static struct kobj_type memmap_ktype = { + .release = release_firmware_map_entry, .sysfs_ops = &memmap_attr_ops, .default_attrs = def_attrs, }; @@ -94,6 +114,7 @@ static struct kobj_type memmap_ktype = { * in firmware initialisation code in one single thread of execution. */ static LIST_HEAD(map_entries); +static DEFINE_SPINLOCK(map_entries_lock); /** * firmware_map_add_entry() - Does the real work to add a firmware memmap entry. @@ -118,11 +139,25 @@ static int firmware_map_add_entry(u64 start, u64 end, INIT_LIST_HEAD(&entry->list); kobject_init(&entry->kobj, &memmap_ktype); + spin_lock(&map_entries_lock); list_add_tail(&entry->list, &map_entries); + spin_unlock(&map_entries_lock); return 0; } +/** + * firmware_map_remove_entry() - Does the real work to remove a firmware + * memmap entry. + * @entry: removed entry. + **/ +static inline void firmware_map_remove_entry(struct firmware_map_entry *entry) +{ + spin_lock(&map_entries_lock); + list_del(&entry->list); + spin_unlock(&map_entries_lock); +} + /* * Add memmap entry on sysfs */ @@ -144,6 +179,35 @@ static int add_sysfs_fw_map_entry(struct firmware_map_entry *entry) return 0; } +/* + * Remove memmap entry on sysfs + */ +static inline void remove_sysfs_fw_map_entry(struct firmware_map_entry *entry) +{ + kobject_put(&entry->kobj); +} + +/* + * Search memmap entry + */ + +static struct firmware_map_entry * __meminit +firmware_map_find_entry(u64 start, u64 end, const char *type) +{ + struct firmware_map_entry *entry; + + spin_lock(&map_entries_lock); + list_for_each_entry(entry, &map_entries, list) + if ((entry->start == start) && (entry->end == end) && + (!strcmp(entry->type, type))) { + spin_unlock(&map_entries_lock); + return entry; + } + + spin_unlock(&map_entries_lock); + return NULL; +} + /** * firmware_map_add_hotplug() - Adds a firmware mapping entry when we do * memory hotplug. @@ -196,6 +260,32 @@ int __init firmware_map_add_early(u64 start, u64 end, const char *type) return firmware_map_add_entry(start, end, type, entry); } +/** + * firmware_map_remove() - remove a firmware mapping entry + * @start: Start of the memory range. + * @end: End of the memory range. + * @type: Type of the memory range. + * + * removes a firmware mapping entry. + * + * Returns 0 on success, or -EINVAL if no entry. + **/ +int __meminit firmware_map_remove(u64 start, u64 end, const char *type) +{ + struct firmware_map_entry *entry; + + entry = firmware_map_find_entry(start, end - 1, type); + if (!entry) + return -EINVAL; + + firmware_map_remove_entry(entry); + + /* remove the memmap entry */ + remove_sysfs_fw_map_entry(entry); + + return 0; +} + /* * Sysfs functions ------------------------------------------------------------- */ @@ -217,8 +307,10 @@ static ssize_t type_show(struct firmware_map_entry *entry, char *buf) return snprintf(buf, PAGE_SIZE, "%s\n", entry->type); } -#define to_memmap_attr(_attr) container_of(_attr, struct memmap_attribute, attr) -#define to_memmap_entry(obj) container_of(obj, struct firmware_map_entry, kobj) +static inline struct memmap_attribute *to_memmap_attr(struct attribute *attr) +{ + return container_of(attr, struct memmap_attribute, attr); +} static ssize_t memmap_attr_show(struct kobject *kobj, struct attribute *attr, char *buf) diff --git a/include/linux/firmware-map.h b/include/linux/firmware-map.h index 43fe52f..71d4fa7 100644 --- a/include/linux/firmware-map.h +++ b/include/linux/firmware-map.h @@ -25,6 +25,7 @@ int firmware_map_add_early(u64 start, u64 end, const char *type); int firmware_map_add_hotplug(u64 start, u64 end, const char *type); +int firmware_map_remove(u64 start, u64 end, const char *type); #else /* CONFIG_FIRMWARE_MEMMAP */ @@ -38,6 +39,11 @@ static inline int firmware_map_add_hotplug(u64 start, u64 end, const char *type) return 0; } +static inline int firmware_map_remove(u64 start, u64 end, const char *type) +{ + return 0; +} + #endif /* CONFIG_FIRMWARE_MEMMAP */ #endif /* _LINUX_FIRMWARE_MAP_H */ diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c index 69d62eb..9fd5904 100644 --- a/mm/memory_hotplug.c +++ b/mm/memory_hotplug.c @@ -1461,7 +1461,7 @@ static int is_memblock_offlined_cb(struct memory_block *mem, void *arg) return ret; } -int remove_memory(u64 start, u64 size) +int __ref remove_memory(u64 start, u64 size) { unsigned long start_pfn, end_pfn; int ret = 0; @@ -1511,6 +1511,9 @@ repeat: return ret; } + /* remove memmap entry */ + firmware_map_remove(start, start + size, "System RAM"); + unlock_memory_hotplug(); return 0;