From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id CA4E1C5B543 for ; Thu, 5 Jun 2025 13:17:12 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C5CD36B04F3; Thu, 5 Jun 2025 09:17:08 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C32F06B04EE; Thu, 5 Jun 2025 09:17:08 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A601F6B04EE; Thu, 5 Jun 2025 09:17:08 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 71FF26B04FB for ; Thu, 5 Jun 2025 09:17:08 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id B1A425C2FC for ; Thu, 5 Jun 2025 13:17:07 +0000 (UTC) X-FDA: 83521397694.17.940C20C Received: from dggsgout11.his.huawei.com (dggsgout11.his.huawei.com [45.249.212.51]) by imf16.hostedemail.com (Postfix) with ESMTP id ABEA9180007 for ; Thu, 5 Jun 2025 13:17:04 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=none; dmarc=none; spf=pass (imf16.hostedemail.com: domain of shikemeng@huaweicloud.com designates 45.249.212.51 as permitted sender) smtp.mailfrom=shikemeng@huaweicloud.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1749129426; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Uw4IWRvshBsunr0R9V0k0aO4K9oA1bZF2ws4/+B258k=; b=TNgVvBXyZUNm2oiTwxSVJcQ8etrL9RVkBbLBbOB6eU+rFXParRStKz9jgOnDCbNVIbOfkZ BwWkV4YYXIFJwsIogi1vMaWR6DOzVzZKxeJJTC6aPmKi/xdm29rYn3dafBzky/O0SBGh+4 JKcbOuTtueJAuRojtnpWtTgk4Mmob5E= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=none; dmarc=none; spf=pass (imf16.hostedemail.com: domain of shikemeng@huaweicloud.com designates 45.249.212.51 as permitted sender) smtp.mailfrom=shikemeng@huaweicloud.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1749129426; a=rsa-sha256; cv=none; b=O953ujpZCQo+U6Q/bOgGwR8UCy2qqQe6otDMTn0+SdCE/ts6jOMbo+mzbJOla6YcljBtL5 v/r/CidMoEaD1Va59437bgHDRFxvJtDP0h+zeBKxlEhKHIxgZu9etdgb4JxYYhdz6LzAjo jEdtgGdJpN9Hq79uEk6gG6hQaYBGwRg= Received: from mail.maildlp.com (unknown [172.19.163.216]) by dggsgout11.his.huawei.com (SkyGuard) with ESMTPS id 4bClNB6l0lzYQvbL for ; Thu, 5 Jun 2025 21:16:58 +0800 (CST) Received: from mail02.huawei.com (unknown [10.116.40.112]) by mail.maildlp.com (Postfix) with ESMTP id 03ADA1A1D1A for ; Thu, 5 Jun 2025 21:16:58 +0800 (CST) Received: from huaweicloud.com (unknown [10.175.101.6]) by APP1 (Coremail) with SMTP id cCh0CgDnTH3HmEFobD9lOQ--.29489S4; Thu, 05 Jun 2025 21:16:57 +0800 (CST) From: Kemeng Shi To: hughd@google.com, baolin.wang@linux.alibaba.com, willy@infradead.org, akpm@linux-foundation.org Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org Subject: [PATCH 2/7] mm: shmem: avoid setting error on splited entries in shmem_set_folio_swapin_error() Date: Fri, 6 Jun 2025 06:10:32 +0800 Message-Id: <20250605221037.7872-3-shikemeng@huaweicloud.com> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20250605221037.7872-1-shikemeng@huaweicloud.com> References: <20250605221037.7872-1-shikemeng@huaweicloud.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-CM-TRANSID:cCh0CgDnTH3HmEFobD9lOQ--.29489S4 X-Coremail-Antispam: 1UD129KBjvJXoW7KF43Gw4rGr4DGw18Zr13Arb_yoW8tr48pa 1UG3ZYyr48WrW2kr1xJa1vvr1a9ayrWayUJrZ3W3WfAFnxJryUtFW09ryrXFyjkrykJw4F qF47Kr98ur4YqrJanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUPFb4IE77IF4wAFF20E14v26ryj6rWUM7CY07I20VC2zVCF04k2 6cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M280x2IEY4vEnII2IxkI6r1a6r45M2 8IrcIa0xkI8VA2jI8067AKxVWUXwA2048vs2IY020Ec7CjxVAFwI0_Gr0_Xr1l8cAvFVAK 0II2c7xJM28CjxkF64kEwVA0rcxSw2x7M28EF7xvwVC0I7IYx2IY67AKxVW7JVWDJwA2z4 x0Y4vE2Ix0cI8IcVCY1x0267AKxVW8Jr0_Cr1UM28EF7xvwVC2z280aVAFwI0_GcCE3s1l 84ACjcxK6I8E87Iv6xkF7I0E14v26rxl6s0DM2AIxVAIcxkEcVAq07x20xvEncxIr21l5I 8CrVACY4xI64kE6c02F40Ex7xfMcIj6xIIjxv20xvE14v26r1j6r18McIj6I8E87Iv67AK xVWUJVW8JwAm72CE4IkC6x0Yz7v_Jr0_Gr1lF7xvr2IYc2Ij64vIr41lc7CjxVAaw2AFwI 0_JF0_Jw1l42xK82IYc2Ij64vIr41l4I8I3I0E4IkC6x0Yz7v_Jr0_Gr1lx2IqxVAqx4xG 67AKxVWUJVWUGwC20s026x8GjcxK67AKxVWUGVWUWwC2zVAF1VAY17CE14v26r126r1DMI IYrxkI7VAKI48JMIIF0xvE2Ix0cI8IcVAFwI0_Jr0_JF4lIxAIcVC0I7IYx2IY6xkF7I0E 14v26r4j6F4UMIIF0xvE42xK8VAvwI8IcIk0rVWUJVWUCwCI42IY6I8E87Iv67AKxVWUJV W8JwCI42IY6I8E87Iv6xkF7I0E14v26r4j6r4UJbIYCTnIWIevJa73UjIFyTuYvjxUaknY DUUUU X-CM-SenderInfo: 5vklyvpphqwq5kxd4v5lfo033gof0z/ X-Rspam-User: X-Rspamd-Queue-Id: ABEA9180007 X-Rspamd-Server: rspam09 X-Stat-Signature: ot6u3ty5g7skrfruc7gftmqnuo9dn49z X-HE-Tag: 1749129424-439030 X-HE-Meta: U2FsdGVkX1/Kgjv9qUA757SFgN5cZxowb2yy8xq70uZJYid7p6DLFyLsgjpk4FMALdVAElYl7BhxUSmInkUOtEm/1BjjvYCSDvM23HtC8trKMl9xpV34UR7oUtQct34Y9ezOkFR1I4NeDMWU2ft7AyeExHSrfbfo02xYtlRQWcFhTOhtbjthycLn4S4n+Q5JZEH12jFZ1dQPhbJLwLXYtJ5+R5lPlsZ1aHTUvAq2+vbw0QE3fB86A3n+nbMwweuNurvJumf0YwUQRWRVHYebqwpAN45fG2vWzPn+AtbQuAyeawA/xXQBDNZDWT8g1FHxHz4h4HV3oz1+fLgSc3JZMTrj0oZQSOfv9eYnu6tOKqEz4I6rGCOuznPS5KYaavNLOy+13/e0so852D+ePSCNTGYdFD5uj+Iz2JdTxDKBIxoWxoe6K7SQT76TMXcL+6XPOO7+9QeMo+lwnbYN1iGsBLGd+O7WiHvWChhx81nI/WyvnQW7mrwf0mw1buIaAqB9XzCAAm6qVtQO0yfylcpf9bR07yMRzuPhBXoU6/SgZVw5+CbCi4vVpMqrzZ8V9xnK3rTQa+0TiIzVLyRhKrKFKhDaKd0XW4XrSZxPaFga2alLdSY1nj2ff/aNP8WhdTrL7+gpdv4QXWUVQrsmgPeLHD+VjR6dAA7jKY0NnzIAIuWrgwkvusJtFsBhHmE+vhNcjRwvDjR4HVNeRoRWuOjZXVJLmwUhUdQGK/qRQOD5Pk0ynX8iu40/FaVS7sz7EF80Lue1eudA1GjQM+JtJmOMwijqajtbGiQXzHFFV7NmjuLh5twfEo9xrXcS3N7jT6lhK9jHRhoX4Q9HEHJAusGmLD5CIs18O3jr5V7wdPGZD+Ha9pSM/FJovym5DegidD5NMWnn2+b+VFGf2vmQnSXHtm+ezZi7HyvgzrCyVPQV8Bp0lmnqLy/nKyM5iWd2RZciQET5OscWYNQKz2j1cPi acs/KX+H NYeFR3vJ7W/DPjcxooCvlEJUipL2FGYwTqMaJVjmRLhlFO14csxaa6Pcj1tRVqN0sjrg/sJXHE1UVEogqIM+MVWmHlGqWHph6DXPN+DTXHNTsrj6yRbRojPDQpud68HDwVW/1/qrnmGMkcgtzWj1fZSvYxK4kuh0aUzWVC6oDb9e/v+9SB7Epy9udRyERYYBH+RCLJuImCAEdq9WIWRfi2ZLPqA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: When large entry is splited, the first entry splited from large entry retains the same entry value and index as original large entry but it's order is reduced. In shmem_set_folio_swapin_error(), if large entry is splited before xa_cmpxchg_irq(), we may replace the first splited entry with error entry while using the size of original large entry for release operations. This could lead to a WARN_ON(i_blocks) due to incorrect nr_pages used by shmem_recalc_inode() and could lead to used after free due to incorrect nr_pages used by swap_free_nr(). Skip setting error if entry spliiting is detected to fix the issue. The bad entry will be replaced with error entry anyway as we will still get IO error when we swap in the bad entry at next time. Fixes: 12885cbe88ddf ("mm: shmem: split large entry if the swapin folio is not large") Signed-off-by: Kemeng Shi --- mm/shmem.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/mm/shmem.c b/mm/shmem.c index e27d19867e03..f1062910a4de 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -2127,16 +2127,25 @@ static void shmem_set_folio_swapin_error(struct inode *inode, pgoff_t index, struct address_space *mapping = inode->i_mapping; swp_entry_t swapin_error; void *old; - int nr_pages; + int nr_pages = folio_nr_pages(folio); + int order; swapin_error = make_poisoned_swp_entry(); - old = xa_cmpxchg_irq(&mapping->i_pages, index, - swp_to_radix_entry(swap), - swp_to_radix_entry(swapin_error), 0); - if (old != swp_to_radix_entry(swap)) + xa_lock_irq(&mapping->i_pages); + order = xa_get_order(&mapping->i_pages, index); + if (nr_pages != (1 << order)) { + xa_unlock_irq(&mapping->i_pages); return; + } + old = __xa_cmpxchg(&mapping->i_pages, index, + swp_to_radix_entry(swap), + swp_to_radix_entry(swapin_error), 0); + if (old != swp_to_radix_entry(swap)) { + xa_unlock_irq(&mapping->i_pages); + return; + } + xa_unlock_irq(&mapping->i_pages); - nr_pages = folio_nr_pages(folio); folio_wait_writeback(folio); if (!skip_swapcache) delete_from_swap_cache(folio); -- 2.30.0