mm/rmap: fix new bug: premature return from page_mlock_one()

In the unlikely race case that page_mlock_one() finds VM_LOCKED has been cleared by the time it got page table lock, page_vma_mapped_walk_done() must be called before returning, either explicitly, or by a final call to page_vma_mapped_walk() - otherwise the page table remains locked. Fixes: cd62734 ("mm/rmap: split try_to_munlock from try_to_unmap") Signed-off-by: Hugh Dickins <[email protected]> Reviewed-by: Alistair Popple <[email protected]> Reviewed-by: Shakeel Butt <[email protected]> Reported-by: kernel test robot <[email protected]> Link: https://lore.kernel.org/lkml/20210711151446.GB4070@xsang-OptiPlex-9020/ Link: https://lore.kernel.org/lkml/[email protected]/ Cc: Andrew Morton <[email protected]> Cc: Jason Gunthorpe <[email protected]> Cc: Ralph Campbell <[email protected]> Cc: Christoph Hellwig <[email protected]> Cc: Yang Shi <[email protected]> Cc: Kirill A. Shutemov <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
ambv · Jul 11, 2021 · 023e1a8 · 023e1a8
1 parent d9770fc
commit 023e1a8
Showing 1 changed file with 5 additions and 6 deletions.
diff --git a/mm/rmap.c b/mm/rmap.c
@@ -1990,14 +1990,13 @@ static bool page_mlock_one(struct page *page, struct vm_area_struct *vma,
 			 * this function is never called when PageDoubleMap().
 			 */
 			mlock_vma_page(page);
+			/*
+			 * No need to scan further once the page is marked
+			 * as mlocked.
+			 */
 			page_vma_mapped_walk_done(&pvmw);
+			return false;
 		}
-
-		/*
-		 * no need to continue scanning other vma's if the page has
-		 * been locked.
-		 */
-		return false;
 	}
 
 	return true;