On Fri, Dec 20, 2013 at 04:45:38AM +0900, Linus Torvalds wrote: > On Fri, Dec 20, 2013 at 4:26 AM, Benjamin LaHaise <b...@kvack.org> wrote: > > > > Okay, I'll rewriting it to use truncate to free the pages. > > It already does that in put_aio_ring_file() afaik. No?
Yes, that's what I found when I started looking into this in detail again. I think the page reference counting is actually correct. There are 2 references on each page: the first is from the find_or_create_page() call, and the second is from the get_user_pages() (which also makes sure the page is populated into the page tables). The only place I can see things going off the rails is if the get_user_pages() call fails. It's possible trinity could be arranging things so that the get_user_pages() call is failing somehow. Also, if it were a double free of a page, we should at least get a VM_BUG() occuring when the page's count is 0. Dave -- do you have CONFIG_DEBUG_VM on in your test rig? > Linus -- "Thought is the essence of where you are now." -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
