From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2A627C47258 for ; Thu, 25 Jan 2024 18:30:11 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A78926B0088; Thu, 25 Jan 2024 13:30:10 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id A00F66B0089; Thu, 25 Jan 2024 13:30:10 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8A0F76B008C; Thu, 25 Jan 2024 13:30:10 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 75BF86B0088 for ; Thu, 25 Jan 2024 13:30:10 -0500 (EST) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 46C78C0359 for ; Thu, 25 Jan 2024 18:30:10 +0000 (UTC) X-FDA: 81718672980.25.9C90807 Received: from mail-io1-f54.google.com (mail-io1-f54.google.com [209.85.166.54]) by imf30.hostedemail.com (Postfix) with ESMTP id 8131480027 for ; Thu, 25 Jan 2024 18:30:08 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=IBR8rfwo; spf=pass (imf30.hostedemail.com: domain of nphamcs@gmail.com designates 209.85.166.54 as permitted sender) smtp.mailfrom=nphamcs@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1706207408; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ZDjqEa67xyb4l1N2TN+AplDaR+Q7JyAPtlhYu3ePq5w=; b=Sn1T1kVfz5uNFhCdV+VgxVMgye486CWZ2efVeWKYpiPaBKB7+N/OvOVE2DOjSAb/fgpy6b dvlntgQJl/2TWBUac3rX4YTL3qe/p72cPKOaF5WI7KMZHrcO3G6lUlDQ2gTBjRWghA9h9U r85Wp4DfUob2zX7BnnOUJKclvREIPJ0= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1706207408; a=rsa-sha256; cv=none; b=vl3V2X839FC0EZF4t9f9/qyNX8GnQzm1qijBmwCbjiFdw3casu0wQrkMXNRaHIW1mcovEN ESkv/NadNVoHJ0Q0nvLawx0PUxL513UgZsq8uVv39QyU/LPnZJUvdxy8rZs7BdXAb8ZzlV SSqUsYJGiaah4kCDQZfYjzj72xOnimw= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=IBR8rfwo; spf=pass (imf30.hostedemail.com: domain of nphamcs@gmail.com designates 209.85.166.54 as permitted sender) smtp.mailfrom=nphamcs@gmail.com; dmarc=pass (policy=none) header.from=gmail.com Received: by mail-io1-f54.google.com with SMTP id ca18e2360f4ac-7bade847536so268526639f.0 for ; Thu, 25 Jan 2024 10:30:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1706207407; x=1706812207; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=ZDjqEa67xyb4l1N2TN+AplDaR+Q7JyAPtlhYu3ePq5w=; b=IBR8rfworqcdGpSf9pgk1xcJ2hyy0egKqbKbN6keN0obFq+oBtt+JXEjSWY5jswboO 8wOPymJfUyl4JdfqY8lmVppbWPyCS8+YSDB/P5AOGhgU0LUjoFmyctUe5mGFUHSwXWLt rBfOJyz66ifhRsXy2qkAQ0tXETWIlVketVC0TlRRUGGRFY7xSTFV7SodYgvXvlxzdX/a Cz/Qu1/cnNjgkaSpAlKsdr/xegqnRXegWSN5/T9GbivJ47GUxK4sH7k2rqn6Lf4y/cgr xzA1zkQbbj1txrngU6YYjNW5BcP8qsInc8a56K2QtOL6lB94T57VdRsxVvZm7GyVsK/w NW8Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706207407; x=1706812207; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ZDjqEa67xyb4l1N2TN+AplDaR+Q7JyAPtlhYu3ePq5w=; b=EP2DtEYja54seCzBpCIXEkAmVYalOJiJb4NeeLcpr6UHkGgZuXn++p095N2xoMlqEB li8ul3Tmfs7vvwW1+FqNTPcBvp6wbjGUKVWZTtBzwp3XaAP8S/QXMurQE29n6deb2iW7 CbL1v3bm+NoH4HUIcMgrclllisceN5o/co2Nn6LTY22Uzin768Qj7AVUd8x8lOWBF9KI gXmb23b3QQsEOjqZMzS25ub/liR60Nu3QFGXTj3S90umKA7TJ1zY9Evbz9LTCpGmAR0J OTbujCBNOfeVy97st43BSrPdmx6d4Y4r8iyokv5VEvflD+L3IjIP4WP5A3GPGcHJVGSp G9Wg== X-Gm-Message-State: AOJu0YysWdl7fhD23n4Q3y3ExIM8yHtkFQyFD1JrAF8PqB/TljrL1b5T dZGv/28SZahH0ykjXknGeGGZtKTOvABzHRHfFqX+5gIWSMimOgg1csbze8b0W9toFtDWdLKcmov yzvZxO8ttOLc0/o0kMP6yi0o3hgE= X-Google-Smtp-Source: AGHT+IEwqeFlizQUS4uC69QekJVT/vm3JE+6/ph22uTAcYW+xjF+tKz2hPnOgQjzybDwL1+5W6uhPpA0dCvaSCexRHQ= X-Received: by 2002:a05:6602:114:b0:7bf:246b:1416 with SMTP id s20-20020a056602011400b007bf246b1416mr177822iot.28.1706207407526; Thu, 25 Jan 2024 10:30:07 -0800 (PST) MIME-Version: 1.0 References: <20240125085127.1327013-1-yosryahmed@google.com> In-Reply-To: <20240125085127.1327013-1-yosryahmed@google.com> From: Nhat Pham Date: Thu, 25 Jan 2024 10:29:56 -0800 Message-ID: Subject: Re: [PATCH] mm: zswap: fix missing folio cleanup in writeback race path To: Yosry Ahmed Cc: Andrew Morton , Johannes Weiner , Chengming Zhou , Domenico Cerasuolo , linux-mm@kvack.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Stat-Signature: nubaded6o3qzfehb941jqmr13qtne3db X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: 8131480027 X-Rspam-User: X-HE-Tag: 1706207408-516935 X-HE-Meta: U2FsdGVkX1+alc9jHrtsKQVFsWzxx1MVvwMzIPPyvbMxRamg9AYgAjQ4XXu5rSXpznNgTqHv7KUOx04R7Mi3rYtDyeg7BCGmd5iZsXzOSJqM0WkHLUGM7UAQoa6qrCBzvcLRvzhyZpt1UNRR8cAvDjf6PMayBG2keCOfiLH+Sj9Fw5E+d14ywuqDRGWp8orN6ZBVgRdDXmQcF57VtnqnC8zXubLl12EkcvH5EZnFfh5Vgsyhs4fWecTCKOj/oTN+ksrvdZWDwENNvfnRVDTp/ijPfEqO3Wz8XgaRuulLtD7VqWVyyHEK8RZb4uJtNB85Fm9zEFhcAlijkm0vbkp4Mlv9l7nrBfCXgMGSBlfnD09/zN2JOlbZCt49v21iDpltq6K3UdbVqzW/yKWrhViRAE1LvDmT4T/UuFTX2kBkIkDE5HPSveqzw6ztZVOB6TK9KaGpo+Qwp2kJE80nAU3Bdd5rFyucO+78AdtvZ9kh5Nx6011KL19hX5BK/bmiB9Ap3YKafoyvXfwUW0kuOJnjvo2XiWMFBB7rb3Jqqe0lmvlmQ94bUlPYHQlHz1R904TjpCHIbZ86NB4a1ZEqWe0Iegskdnc+YiAWlzw14y4+hKT7od+sKZqtvUK5BX/vNlTMxMllI7v6RPwMn3CVify4mFBkcJnP5de+opiSD+N8m2Yzz6Kxfm/VR6leewWKdzaIXfeBk2XSDe/GDHONb8gAQvOatqykGfPm2k8Ku5mT7voeesYy4mjlcrt93vKBzx5GveDCh3pP7tAOYhJ3aGvijH4JnZ8H1iQKYXOI87L/GhYS6jseUQSkW60pbdUxqh7DtuGoElfTJwEhZi/JLKItVnhz02bW3nFM5uCkB1iMz2QByKhNsctS0Hx65BCHtfaA1/PDahOsXSmhTvmuCrnjkLRuaKpN085OBVGYtF+b/NkqguqVUht+yvhc7XLpRDyJasCU+Ju2z4Ti59XZH9h 14SzhTBF XaEWblCgVDxx9dldCKFtpgwAQbS7XwfOrhGf1lTTeTGYeNDAiOlI9Il133GzqMVSv/qVaDDICn+AeydKitPdD5PypnZrMLspP7mXaGnqc7jQzifSbvzptFDJjaGN0LD3nniV4AaxldUbB6RqEOlWzPfC10wp0Evtl96Y52JP64zw6xmlmBdHiJzCdiW/hZlK/mvgHzbgJCVQxxQ/b6B81t5ZZ3GKk/tUt1npQY5GZTiITIwhVCJl0JIsSMpXNHXYubVbJetPjO3w1DV056ZR8xBBuPkRmZv1RsCaNpVV+Lu/Kr0POoVV36sfiGiC8pMUW/xqIrpFG30CH6EDr6zK/7U9lHFQpWWu9fhu/lU/arQJr0rQh9juhNFTFWWE0t/arZXFeBxi75TJrbKoBiCRxmQVXtDV7GrHctjFuX23SkV2+9nPyYa7up8gTn0Ha0hZyGh+rk066iytZcr9hPIvSMDh8F8mcFvT8IZmr X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Thu, Jan 25, 2024 at 12:51=E2=80=AFAM Yosry Ahmed wrote: > > In zswap_writeback_entry(), after we get a folio from > __read_swap_cache_async(), we grab the tree lock again to check that the > swap entry was not invalidated and recycled. If it was, we delete the > folio we just added to the swap cache and exit. > > However, __read_swap_cache_async() returns the folio locked when it is > newly allocated, which is always true for this path, and the folio is > ref'd. Make sure to unlock and put the folio before returning. > > This was discovered by code inspection, probably because this path > handles a race condition that should not happen often, and the bug would > not crash the system, it will only strand the folio indefinitely. > > Fixes: 04fc7816089c ("mm: fix zswap writeback race condition") > Cc: stable@vger.kernel.org > Signed-off-by: Yosry Ahmed > --- > mm/zswap.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/mm/zswap.c b/mm/zswap.c > index 8f4a7efc2bdae..00e90b9b5417d 100644 > --- a/mm/zswap.c > +++ b/mm/zswap.c > @@ -1448,6 +1448,8 @@ static int zswap_writeback_entry(struct zswap_entry= *entry, > if (zswap_rb_search(&tree->rbroot, swp_offset(entry->swpentry)) != =3D entry) { > spin_unlock(&tree->lock); > delete_from_swap_cache(folio); > + folio_unlock(folio); > + folio_put(folio); > return -ENOMEM; > } > spin_unlock(&tree->lock); > -- > 2.43.0.429.g432eaa2c6b-goog > Oof. Yeah this is probably rare IRL (that looks like a very specific race condition), and the symptoms are rather subtle (no kernel crash). LGTM. Reviewed-by: Nhat Pham