From: Kairui Song <ryncsn@gmail.com>
To: linux-mm@kvack.org
Cc: Kairui Song <ryncsn@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Matthew Wilcox <willy@infradead.org>,
Hugh Dickins <hughd@google.com>, Chris Li <chrisl@kernel.org>,
Barry Song <baohua@kernel.org>, Baoquan He <bhe@redhat.com>,
Nhat Pham <nphamcs@gmail.com>,
Kemeng Shi <shikemeng@huaweicloud.com>,
Baolin Wang <baolin.wang@linux.alibaba.com>,
Ying Huang <ying.huang@linux.alibaba.com>,
Johannes Weiner <hannes@cmpxchg.org>,
David Hildenbrand <david@redhat.com>,
Yosry Ahmed <yosryahmed@google.com>,
Lorenzo Stoakes <lorenzo.stoakes@oracle.com>,
Zi Yan <ziy@nvidia.com>,
linux-kernel@vger.kernel.org, Kairui Song <kasong@tencent.com>
Subject: [PATCH v4 04/15] mm, swap: check page poison flag after locking it
Date: Wed, 17 Sep 2025 00:00:49 +0800
Message-ID: <20250916160100.31545-5-ryncsn@gmail.com>
In-Reply-To: <20250916160100.31545-1-ryncsn@gmail.com>
From: Kairui Song <kasong@tencent.com>
Instead of checking the poison flag only in the fast swap cache lookup
path, always check the poison flag after locking a swap cache folio.
There are two reasons to do so.

First, the folio is unstable until it is locked and could be removed
from the swap cache at any time, so it is entirely possible that the
folio is no longer the backing folio of the swap entry and is instead an
unrelated poisoned folio. In that case we might mistakenly kill a
faulting process.

Second, it is possible, or even common, for the slow swapin path
(swapin_readahead) to bring in a cached folio. That cached folio could
be poisoned, too. Checking the poison flag only in the fast path misses
such folios.

The race window is tiny, so this is very unlikely to happen in practice.

While at it, also mark the check as unlikely().

Signed-off-by: Kairui Song <kasong@tencent.com>
Acked-by: Chris Li <chrisl@kernel.org>
Acked-by: David Hildenbrand <david@redhat.com>
Acked-by: Nhat Pham <nphamcs@gmail.com>
---
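Not part of the patch: a minimal userspace sketch of the ordering argued
for in the changelog, in case it helps review. Everything prefixed with
model_ and every FAULT_* value is hypothetical and exists only for this
illustration; none of it is a kernel API. It assumes GCC or Clang for
__builtin_expect. The point it tries to show is that the poison flag is
only meaningful once the folio is locked and confirmed to still back the
swap entry being faulted.

```c
#include <assert.h>
#include <stdbool.h>

/* Hypothetical result codes for this model only, not vm_fault_t values. */
enum model_fault { FAULT_OK, FAULT_RETRY_LOOKUP, FAULT_HWPOISON };

/* Hypothetical stand-in for a swap cache folio. */
struct model_folio {
	bool locked;
	bool in_swap_cache;
	bool hwpoison;
	unsigned long swap_entry;
};

/* Branch hint in the style of unlikely(); assumes GCC or Clang. */
#define model_unlikely(x) __builtin_expect(!!(x), 0)

static void model_lock(struct model_folio *f)   { f->locked = true; }
static void model_unlock(struct model_folio *f) { f->locked = false; }

static enum model_fault model_swap_fault(struct model_folio *f,
					 unsigned long entry)
{
	enum model_fault ret = FAULT_OK;

	model_lock(f);
	assert(f->locked);

	/*
	 * Revalidate first: before the lock was taken, the folio may have
	 * left the swap cache or been reused for a different entry.
	 */
	if (model_unlikely(!f->in_swap_cache || f->swap_entry != entry)) {
		ret = FAULT_RETRY_LOOKUP;
		goto out;
	}

	/*
	 * Only now is the poison flag known to describe the folio backing
	 * this entry, whichever lookup path produced the folio.
	 */
	if (model_unlikely(f->hwpoison))
		ret = FAULT_HWPOISON;
out:
	model_unlock(f);
	return ret;
}
```

With this ordering, a poisoned folio that no longer matches the entry
yields FAULT_RETRY_LOOKUP in the model rather than FAULT_HWPOISON, which
corresponds to the "mistakenly kill a faulting process" case the
changelog wants to avoid.
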
mm/memory.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/mm/memory.c b/mm/memory.c
index 10ef528a5f44..94a5928e8ace 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -4661,10 +4661,8 @@ vm_fault_t do_swap_page(struct vm_fault *vmf)
 		goto out;

 	folio = swap_cache_get_folio(entry);
-	if (folio) {
+	if (folio)
 		swap_update_readahead(folio, vma, vmf->address);
-		page = folio_file_page(folio, swp_offset(entry));
-	}
 	swapcache = folio;

 	if (!folio) {
@@ -4735,20 +4733,13 @@ vm_fault_t do_swap_page(struct vm_fault *vmf)
 		ret = VM_FAULT_MAJOR;
 		count_vm_event(PGMAJFAULT);
 		count_memcg_event_mm(vma->vm_mm, PGMAJFAULT);
-		page = folio_file_page(folio, swp_offset(entry));
-	} else if (PageHWPoison(page)) {
-		/*
-		 * hwpoisoned dirty swapcache pages are kept for killing
-		 * owner processes (which may be unknown at hwpoison time)
-		 */
-		ret = VM_FAULT_HWPOISON;
-		goto out_release;
 	}

 	ret |= folio_lock_or_retry(folio, vmf);
 	if (ret & VM_FAULT_RETRY)
 		goto out_release;

+	page = folio_file_page(folio, swp_offset(entry));
 	if (swapcache) {
 		/*
 		 * Make sure folio_free_swap() or swapoff did not release the
@@ -4761,6 +4752,15 @@ vm_fault_t do_swap_page(struct vm_fault *vmf)
 			     page_swap_entry(page).val != entry.val))
 			goto out_page;

+		if (unlikely(PageHWPoison(page))) {
+			/*
+			 * hwpoisoned dirty swapcache pages are kept for killing
+			 * owner processes (which may be unknown at hwpoison time)
+			 */
+			ret = VM_FAULT_HWPOISON;
+			goto out_page;
+		}
+
 		/*
 		 * KSM sometimes has to copy on read faults, for example, if
 		 * folio->index of non-ksm folios would be nonlinear inside the
--
2.51.0