Commit a733d8de authored by Kairui Song's avatar Kairui Song Committed by Andrew Morton
Browse files

mm, swap: fix swap cache index error when retrying reclaim 

The allocator will reclaim cached slots while scanning.  Currently, it
will try again if reclaim found a folio that is already removed from the
swap cache due to a race.  But the following lookup will be using the
wrong index.  It won't cause any OOB issue since the swap cache index is
truncated upon lookup, but it may lead to reclaiming of an irrelevant
folio.

This should not cause a measurable issue, but we should fix it.

Link: https://lkml.kernel.org/r/20250916160100.31545-4-ryncsn@gmail.com


Fixes: fae85955 ("mm, swap: avoid reclaiming irrelevant swap cache")
Signed-off-by: default avatarKairui Song <kasong@tencent.com>
Reviewed-by: default avatarBaolin Wang <baolin.wang@linux.alibaba.com>
Acked-by: default avatarNhat Pham <nphamcs@gmail.com>
Acked-by: default avatarChris Li <chrisl@kernel.org>
Acked-by: default avatarDavid Hildenbrand <david@redhat.com>
Suggested-by: default avatarChris Li <chrisl@kernel.org>
Cc: Baoquan He <bhe@redhat.com>
Cc: Barry Song <baohua@kernel.org>
Cc: "Huang, Ying" <ying.huang@linux.alibaba.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Kemeng Shi <shikemeng@huaweicloud.com>
Cc: kernel test robot <oliver.sang@intel.com>
Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: Yosry Ahmed <yosryahmed@google.com>
Cc: Zi Yan <ziy@nvidia.com>
Cc: SeongJae Park <sj@kernel.org>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
parent f2812461

mm/swapfile.c

+4 −4
Original line number Diff line number Diff line
@@ -212,7 +212,7 @@ static bool swap_is_last_map(struct swap_info_struct *si, 
static int __try_to_reclaim_swap(struct swap_info_struct *si,

				 unsigned long offset, unsigned long flags)

{

	swp_entry_t entry = swp_entry(si->type, offset);

	const swp_entry_t entry = swp_entry(si->type, offset);

	struct swap_cluster_info *ci;

	struct folio *folio;

	int ret, nr_pages;
@@ -240,13 +240,13 @@ static int __try_to_reclaim_swap(struct swap_info_struct *si, 
	 * Offset could point to the middle of a large folio, or folio

	 * may no longer point to the expected offset before it's locked.

	 */

	entry = folio->swap;

	if (offset < swp_offset(entry) || offset >= swp_offset(entry) + nr_pages) {

	if (offset < swp_offset(folio->swap) ||

	    offset >= swp_offset(folio->swap) + nr_pages) {

		folio_unlock(folio);

		folio_put(folio);

		goto again;

	}

	offset = swp_offset(entry);

	offset = swp_offset(folio->swap);



	need_reclaim = ((flags & TTRS_ANYWAY) ||

			((flags & TTRS_UNMAPPED) && !folio_mapped(folio)) ||