From: Kairui Song
Date: Sun, 23 Feb 2025 01:32:46 +0800
Subject: Re: [PATCH 2/6] mm: swap: use correct step in loop to wait all clusters in wait_for_allocation()
To: Kemeng Shi
Cc: akpm@linux-foundation.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org

On Sat, Feb 22, 2025 at 3:12 PM Kemeng Shi wrote:
>
> Use correct step in loop to wait all clusters in wait_for_allocation().
> If we miss some cluster in wait_for_allocation(), use after free may
> occur as follows:
> shmem_writepage                         swapoff
> folio_alloc_swap
> get_swap_pages
> scan_swap_map_slots
> cluster_alloc_swap_entry
> alloc_swap_scan_cluster
> cluster_alloc_range
> /* SWP_WRITEOK is valid */
> if (!(si->flags & SWP_WRITEOK))
>
>                                         ...
>                                         del_from_avail_list(p, true);
>                                         ...
>                                         /* miss the cluster in shmem_writepage */
>                                         wait_for_allocation()
>                                         ...
>                                         try_to_unuse()
>
> memset(si->swap_map + start, usage, nr_pages);
> swap_range_alloc(si, nr_pages);
> ci->count += nr_pages;
> /* return a valid entry */
>
>                                         ...
>                                         exit_swap_address_space(p->type);
>                                         ...
>
> ...
> add_to_swap_cache
> /* dereference swap_address_space(entry) which is NULL */
> xas_lock_irq(&xas);
>
> Fixes: e47bd46eab97e ("mm, swap: hold a reference during scan and cleanup flag usage")
> Signed-off-by: Kemeng Shi
> ---
> mm/swapfile.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/mm/swapfile.c b/mm/swapfile.c > index e5f58ab86329..425126c0a07d 100644 > --- a/mm/swapfile.c > +++ b/mm/swapfile.c > @@ -2627,7 +2627,6 @@ static void wait_for_allocation(struct swap_info_st= ruct *si) > for (offset =3D 0; offset < end; offset +=3D SWAPFILE_CLUSTER) { > ci =3D lock_cluster(si, offset); > unlock_cluster(ci); > - offset +=3D SWAPFILE_CLUSTER; > } > }
>

Thanks, good catch.

Reviewed-by: Kairui Song
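
Review bot: The changelog for the wait_for_allocation() hunk should state the actual defect rather than only "use correct step": the for header already does offset += SWAPFILE_CLUSTER, so with the removed body increment the loop advanced two clusters per iteration and never took lock_cluster()/unlock_cluster() on every second cluster. Spelling that out makes it clear to anyone backporting against the Fixes: commit which clusters swapoff failed to wait on. The description also calls the result a use after free, while the trace ends in a dereference of swap_address_space(entry) that is NULL; the wording should match the failure the trace shows.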