Re: pte_chain leak in rmap code (2.5.31)

From: Andrew Morton (akpm@zip.com.au)
Date: Mon Aug 12 2002 - 22:13:25 EST


Rik van Riel wrote:
>
> On Mon, 12 Aug 2002, Thomas Molina wrote:
> > On Mon, 12 Aug 2002, Rik van Riel wrote:
> > > On Mon, 12 Aug 2002, Christian Ehrhardt wrote:
> > >
> > > > Note the strange use of continue and break which both achieve the same!
> > > > What was meant to happen (judging from rmap-13c) is that we break
> > > Excellent hunting! Thank you!
> > Any chance this is the cause of the following?
>
> Yes, quite possible.
>

Well Adam reported it against the patched version, in which
is appears that I accidentally fixed that bug. So we may
yet have a problem:

        for (pc = start; pc; pc = next_pc) {
                int i;

                next_pc = pc->next;
                if (next_pc)
                        prefetch(next_pc);
                for (i = 0; i < NRPTE; i++) {
                        pte_t *p = pc->ptes[i];

                        if (!p)
                                continue;
                        if (victim_i == -1)
                                victim_i = i;

                        switch (try_to_unmap_one(page, p)) {
                        case SWAP_SUCCESS:
                                /*
                                 * Release a slot. If we're releasing the
                                 * first pte in the first pte_chain then
                                 * pc->ptes[i] and start->ptes[victim_i] both
                                 * refer to the same thing. It works out.
                                 */
                                pc->ptes[i] = start->ptes[victim_i];
                                start->ptes[victim_i] = NULL;
                                dec_page_state(nr_reverse_maps);
                                victim_i++;
                                if (victim_i == NRPTE) {
                                        page->pte.chain = start->next;
                                        pte_chain_free(start);
                                        start = page->pte.chain;
                                        victim_i = 0;
                                }
                                break;
                        case SWAP_AGAIN:
                                /* Skip this pte, remembering status. */
                                ret = SWAP_AGAIN;
                                continue;
                        case SWAP_FAIL:
                                ret = SWAP_FAIL;
                                goto out;
                        case SWAP_ERROR:
                                ret = SWAP_ERROR;
                                goto out;
                        }
                }
        }
out:
        return ret;
}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Thu Aug 15 2002 - 22:00:30 EST