[patch 1/3] mm: fix pageref leak in do_swap_page()

From: Johannes Weiner
Date: Mon Apr 20 2009 - 16:26:37 EST

Next message: Johannes Weiner: "[patch 2/3][rfc] swap: try to reuse freed slots in the allocation area"
Previous message: Johannes Weiner: "[patch 3/3][rfc] vmscan: batched swap slot allocation"
Next in thread: Johannes Weiner: "[patch 3/3][rfc] vmscan: batched swap slot allocation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

By the time the memory cgroup code is notified about a swapin we
already hold a reference on the fault page.

If the cgroup callback fails make sure to unlock AND release the page
or we leak the reference.

Signed-off-by: Johannes Weiner <hannes@xxxxxxxxxxx>
Cc: Balbir Singh <balbir@xxxxxxxxxxxxxxxxxx>
---
mm/memory.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/mm/memory.c b/mm/memory.c
index 366dab5..db126b6 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -2536,8 +2536,7 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,

if (mem_cgroup_try_charge_swapin(mm, page, GFP_KERNEL, &ptr)) {
ret = VM_FAULT_OOM;
- unlock_page(page);
- goto out;
+ goto out_page;
}

/*
@@ -2599,6 +2598,7 @@ out:
out_nomap:
mem_cgroup_cancel_charge_swapin(ptr);
pte_unmap_unlock(page_table, ptl);
+out_page:
unlock_page(page);
page_cache_release(page);
return ret;
--
1.6.2.1.135.gde769

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Johannes Weiner: "[patch 2/3][rfc] swap: try to reuse freed slots in the allocation area"
Previous message: Johannes Weiner: "[patch 3/3][rfc] vmscan: batched swap slot allocation"
Next in thread: Johannes Weiner: "[patch 3/3][rfc] vmscan: batched swap slot allocation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]