[PATCH] rmap bugfix, try_to_unmap

The following patch corrects a bug where rmap would continue trying to swap out a page even after it failed on one pte, which could result in leaked pte chains and a bug when exiting applications which use mlock(). The bug was tracked down by Christian Ehrhardt, the reason it wasn't found earlier was a subtlety in the code, so I've taken the liberty of changing Christian's patch into something more explicit, we shouldn't let this one happen again ;)

[PATCH] rmap bugfix, try_to_unmap
The following patch corrects a bug where rmap would continue trying to swap out a page even after it failed on one pte, which could result in leaked pte chains and a bug when exiting applications which use mlock(). The bug was tracked down by Christian Ehrhardt, the reason it wasn't found earlier was a subtlety in the code, so I've taken the liberty of changing Christian's patch into something more explicit, we shouldn't let this one happen again ;)
9b7187ff · Rik van Riel · Linus Torvalds · e9ea9aac · 9b7187ff
Commit 9b7187ff authored Aug 12, 2002 by Rik van Riel Committed by Linus Torvalds Aug 12, 2002
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 3 deletions

mm/rmap.c mm/rmap.c +4 -3

No files found.
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -328,7 +328,7 @@ int try_to_unmap(struct page * page)
 				case SWAP_SUCCESS:
 					/* Free the pte_chain struct. */
 					pte_chain_free(pc, prev_pc, page);
-					break;
+					continue;
 				case SWAP_AGAIN:
 					/* Skip this pte, remembering status. */
 					prev_pc = pc;
@@ -336,12 +336,13 @@ int try_to_unmap(struct page * page)
 					continue;
 				case SWAP_FAIL:
 					ret = SWAP_FAIL;
-					break;
+					goto give_up;
 				case SWAP_ERROR:
 					ret = SWAP_ERROR;
-					break;
+					goto give_up;
 			}
 		}
+give_up:
 		/* Check whether we can convert to direct pte pointer */
 		pc = page->pte.chain;
 		if (pc && !pc->next) {