Re: [PATCH] mm: do not access page->mapping directly on page_endio

[Minchan Kim <minchan@kernel.org>]

On Wed, Feb 22, 2017 at 01:11:00PM +0100, Michal Hocko wrote:
> On Wed 22-02-17 14:39:24, Minchan Kim wrote:
> > With rw_page, page_endio is used for completing IO on a page
> > and it propagates write error to the address space if the IO
> > fails. The problem is it accesses page->mapping directly which
> > might be okay for file-backed pages but it shouldn't for
> > anonymous page. Otherwise, it can corrupt one of field from
> > anon_vma under us and system goes panic randomly.
> 
> I was about to say that anonymous pages shouldn't hit that path because
> the end_swap_bio_write doesn call page_endio. But then I've noticed that

No. For driver to support rw_page, every swap_writepage calls rw_page.

swap_writepage
  bdev_writepage
    ops->rw_page


> zram does call this function. On a closer look, though, it doesn't seem
> to call it with err != 0 so it cannot hit this path. So I am wondering
> whether this actually fixes anything. Why it has been marked for stable?

Look at other drivers to support rw_page, not zram, esp, brd.
They can be used for swap device and then can hit the case.

In fact, I encountered the BUG during zram development(i.e., it doesn't
land to upstream) and it was really hard to figure it out because it made
random crash, sometime mmap_sem lockdep, sometime other places where
places never related to zram/zsmalloc, sometime not reproducible.

When I consider how that bug is subtle and people do fast-swap test as brd,
it's worth to add stable mark, I think.