Commit c5c99429 authored by Larry Woodman's avatar Larry Woodman Committed by Linus Torvalds
Browse files

fix hugepages leak due to pagetable page sharing

The shared page table code for hugetlb memory on x86 and x86_64
is causing a leak.  When a user of hugepages exits using this code
the system leaks some of the hugepages.

Part of /proc/meminfo just before database startup:
HugePages_Total:  5500
HugePages_Free:   5500
HugePages_Rsvd:      0
Hugepagesize:     2048 kB

Just before shutdown:
HugePages_Total:  5500
HugePages_Free:   4475
HugePages_Rsvd:      0
Hugepagesize:     2048 kB

After shutdown:
HugePages_Total:  5500
HugePages_Free:   4988
0 Hugepagesize:     2048 kB

The problem occurs durring a fork, in copy_hugetlb_page_range().  It
locates the dst_pte using huge_pte_alloc().  Since huge_pte_alloc() calls
huge_pmd_share() it will share the pmd page if can, yet the main loop in
copy_hugetlb_page_range() does a get_page() on every hugepage.  This is a
violation of the shared hugepmd pagetable protocol and creates additional
referenced to the hugepages causing a leak when the unmap of the VMA
occurs.  We can skip the entire replication of the ptes when the hugepage
pagetables are shared.  The attached patch skips copying the ptes and the
get_page() calls if the hugetlbpage pagetable is shared.

[ coding-style cleanups]
Signed-off-by: default avatarLarry Woodman <>
Signed-off-by: default avatarAdam Litke <>
Cc: Badari Pulavarty <>
Cc: Ken Chen <>
Cc: David Gibson <>
Cc: William Lee Irwin III <>
Signed-off-by: default avatarAndrew Morton <>
Signed-off-by: default avatarLinus Torvalds <>
parent c2f3dabe
...@@ -699,6 +699,11 @@ int copy_hugetlb_page_range(struct mm_struct *dst, struct mm_struct *src, ...@@ -699,6 +699,11 @@ int copy_hugetlb_page_range(struct mm_struct *dst, struct mm_struct *src,
dst_pte = huge_pte_alloc(dst, addr); dst_pte = huge_pte_alloc(dst, addr);
if (!dst_pte) if (!dst_pte)
goto nomem; goto nomem;
/* If the pagetables are shared don't copy or take references */
if (dst_pte == src_pte)
spin_lock(&dst->page_table_lock); spin_lock(&dst->page_table_lock);
spin_lock(&src->page_table_lock); spin_lock(&src->page_table_lock);
if (!pte_none(*src_pte)) { if (!pte_none(*src_pte)) {
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment