[PATCH] perf: rework memory accounting in perf_mmap()

Wed, 04 Sep 2019 14:46:43 -0700 

perf_mmap() always increases user->locked_vm. As a result, "extra" could
grow bigger than "user_extra", which doesn't make sense. Here is an
example case:

Note: Assume "user_lock_limit" is very small.
| # of perf_mmap calls |vma->vm_mm->pinned_vm|user->locked_vm|
| 0                    | 0                   | 0             |
| 1                    | user_extra          | user_extra    |
| 2                    | 3 * user_extra      | 2 * user_extra|
| 3                    | 6 * user_extra      | 3 * user_extra|
| 4                    | 10 * user_extra     | 4 * user_extra|

Fix this by maintaining proper user_extra and extra.

Reported-by: Hechao Li <hech...@fb.com>
Cc: Jie Meng <jm...@fb.com>
Cc: Peter Zijlstra <pet...@infradead.org>
Signed-off-by: Song Liu <songliubrav...@fb.com>
---
 kernel/events/core.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/kernel/events/core.c b/kernel/events/core.c
index 0463c1151bae..a0120bdbce17 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -5585,7 +5585,8 @@ static void perf_mmap_close(struct vm_area_struct *vma)
         * undo the VM accounting.
         */
 
-       atomic_long_sub((size >> PAGE_SHIFT) + 1, &mmap_user->locked_vm);
+       atomic_long_sub((size >> PAGE_SHIFT) + 1 - mmap_locked,
+                       &mmap_user->locked_vm);
        atomic64_sub(mmap_locked, &vma->vm_mm->pinned_vm);
        free_uid(mmap_user);
 
@@ -5729,8 +5730,20 @@ static int perf_mmap(struct file *file, struct 
vm_area_struct *vma)
 
        user_locked = atomic_long_read(&user->locked_vm) + user_extra;
 
-       if (user_locked > user_lock_limit)
+       if (user_locked <= user_lock_limit) {
+               /* charge all to locked_vm */
+       } else if (atomic_long_read(&user->locked_vm) >= user_lock_limit) {
+               /* charge all to pinned_vm */
+               extra = user_extra;
+               user_extra = 0;
+       } else {
+               /*
+                * charge locked_vm until it hits user_lock_limit;
+                * charge the rest from pinned_vm
+                */
                extra = user_locked - user_lock_limit;
+               user_extra -= extra;
+       }
 
        lock_limit = rlimit(RLIMIT_MEMLOCK);
        lock_limit >>= PAGE_SHIFT;
-- 
2.17.1

Reply via email to