Re: pte_chain leak in rmap code (2.5.31)

Andrew Morton (akpm@zip.com.au)
Mon, 12 Aug 2002 20:13:25 -0700


Rik van Riel wrote:
>
> On Mon, 12 Aug 2002, Thomas Molina wrote:
> > On Mon, 12 Aug 2002, Rik van Riel wrote:
> > > On Mon, 12 Aug 2002, Christian Ehrhardt wrote:
> > >
> > > > Note the strange use of continue and break which both achieve the same!
> > > > What was meant to happen (judging from rmap-13c) is that we break
> > > Excellent hunting! Thank you!
> > Any chance this is the cause of the following?
>
> Yes, quite possible.
>

Well Adam reported it against the patched version, in which
is appears that I accidentally fixed that bug. So we may
yet have a problem:

for (pc = start; pc; pc = next_pc) {
int i;

next_pc = pc->next;
if (next_pc)
prefetch(next_pc);
for (i = 0; i < NRPTE; i++) {
pte_t *p = pc->ptes[i];

if (!p)
continue;
if (victim_i == -1)
victim_i = i;

switch (try_to_unmap_one(page, p)) {
case SWAP_SUCCESS:
/*
* Release a slot. If we're releasing the
* first pte in the first pte_chain then
* pc->ptes[i] and start->ptes[victim_i] both
* refer to the same thing. It works out.
*/
pc->ptes[i] = start->ptes[victim_i];
start->ptes[victim_i] = NULL;
dec_page_state(nr_reverse_maps);
victim_i++;
if (victim_i == NRPTE) {
page->pte.chain = start->next;
pte_chain_free(start);
start = page->pte.chain;
victim_i = 0;
}
break;
case SWAP_AGAIN:
/* Skip this pte, remembering status. */
ret = SWAP_AGAIN;
continue;
case SWAP_FAIL:
ret = SWAP_FAIL;
goto out;
case SWAP_ERROR:
ret = SWAP_ERROR;
goto out;
}
}
}
out:
return ret;
}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/