* [PATCH] shmem: Update folio if shmem_replace_page() updates the page
@ 2022-07-30 4:25 Matthew Wilcox (Oracle)
2022-08-03 0:46 ` Andrew Morton
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Matthew Wilcox (Oracle) @ 2022-07-30 4:25 UTC (permalink / raw)
To: Hugh Dickins, Andrew Morton
Cc: Matthew Wilcox (Oracle), linux-mm, linux-kernel
If we allocate a new page, we need to make sure that our folio matches
that new page. This will be solved by changing shmem_replace_page()
to shmem_replace_folio(), but this is the minimal fix.
Fixes: da08e9b79323 ("mm/shmem: convert shmem_swapin_page() to shmem_swapin_folio()")
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
---
mm/shmem.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/mm/shmem.c b/mm/shmem.c
index a6f565308133..bcc0a3c7b5bf 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1771,6 +1771,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index,
if (shmem_should_replace_folio(folio, gfp)) {
error = shmem_replace_page(&page, gfp, info, index);
+ folio = page_folio(page);
if (error)
goto failed;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [PATCH] shmem: Update folio if shmem_replace_page() updates the page 2022-07-30 4:25 [PATCH] shmem: Update folio if shmem_replace_page() updates the page Matthew Wilcox (Oracle) @ 2022-08-03 0:46 ` Andrew Morton 2022-08-03 3:17 ` Matthew Wilcox 2022-08-05 20:52 ` William Kucharski 2022-08-10 16:03 ` Hugh Dickins 2 siblings, 1 reply; 6+ messages in thread From: Andrew Morton @ 2022-08-03 0:46 UTC (permalink / raw) To: Matthew Wilcox (Oracle); +Cc: Hugh Dickins, linux-mm, linux-kernel On Sat, 30 Jul 2022 05:25:18 +0100 "Matthew Wilcox (Oracle)" <willy@infradead.org> wrote: > If we allocate a new page, we need to make sure that our folio matches > that new page. This will be solved by changing shmem_replace_page() > to shmem_replace_folio(), but this is the minimal fix. > > ... > > --- a/mm/shmem.c > +++ b/mm/shmem.c > @@ -1771,6 +1771,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, > > if (shmem_should_replace_folio(folio, gfp)) { > error = shmem_replace_page(&page, gfp, info, index); > + folio = page_folio(page); > if (error) > goto failed; > } What are the user-visible runtime effects of the bug? Should we backport this into 5.19.X? ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] shmem: Update folio if shmem_replace_page() updates the page 2022-08-03 0:46 ` Andrew Morton @ 2022-08-03 3:17 ` Matthew Wilcox 2022-08-05 20:34 ` William Kucharski 0 siblings, 1 reply; 6+ messages in thread From: Matthew Wilcox @ 2022-08-03 3:17 UTC (permalink / raw) To: Andrew Morton; +Cc: Hugh Dickins, linux-mm, linux-kernel On Tue, Aug 02, 2022 at 05:46:37PM -0700, Andrew Morton wrote: > On Sat, 30 Jul 2022 05:25:18 +0100 "Matthew Wilcox (Oracle)" <willy@infradead.org> wrote: > > > If we allocate a new page, we need to make sure that our folio matches > > that new page. This will be solved by changing shmem_replace_page() > > to shmem_replace_folio(), but this is the minimal fix. > > > > ... > > > > --- a/mm/shmem.c > > +++ b/mm/shmem.c > > @@ -1771,6 +1771,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, > > > > if (shmem_should_replace_folio(folio, gfp)) { > > error = shmem_replace_page(&page, gfp, info, index); > > + folio = page_folio(page); > > if (error) > > goto failed; > > } > > What are the user-visible runtime effects of the bug? > > Should we backport this into 5.19.X? Definitely should be backported. The next line not visible in this patch context says: error = shmem_add_to_page_cache(folio, mapping, index, swp_to_radix_entry(swap), gfp, charge_mm); so if we do end up in this path, we store the wrong page in the shmem inode's page cache, and I would rather imagine that data corruption ensues. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] shmem: Update folio if shmem_replace_page() updates the page 2022-08-03 3:17 ` Matthew Wilcox @ 2022-08-05 20:34 ` William Kucharski 0 siblings, 0 replies; 6+ messages in thread From: William Kucharski @ 2022-08-05 20:34 UTC (permalink / raw) To: Matthew Wilcox Cc: Andrew Morton, Hugh Dickins, linux-mm@kvack.org, linux-kernel@vger.kernel.org Looks good. Reviewed-by: William Kucharski <william.kucharski@oracle.com> > On Aug 2, 2022, at 21:18, Matthew Wilcox <willy@infradead.org> wrote: > > On Tue, Aug 02, 2022 at 05:46:37PM -0700, Andrew Morton wrote: >>> On Sat, 30 Jul 2022 05:25:18 +0100 "Matthew Wilcox (Oracle)" <willy@infradead.org> wrote: >>> >>> If we allocate a new page, we need to make sure that our folio matches >>> that new page. This will be solved by changing shmem_replace_page() >>> to shmem_replace_folio(), but this is the minimal fix. >>> >>> ... >>> >>> --- a/mm/shmem.c >>> +++ b/mm/shmem.c >>> @@ -1771,6 +1771,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, >>> >>> if (shmem_should_replace_folio(folio, gfp)) { >>> error = shmem_replace_page(&page, gfp, info, index); >>> + folio = page_folio(page); >>> if (error) >>> goto failed; >>> } >> >> What are the user-visible runtime effects of the bug? >> >> Should we backport this into 5.19.X? > > Definitely should be backported. The next line not visible in this > patch context says: > > error = shmem_add_to_page_cache(folio, mapping, index, > swp_to_radix_entry(swap), gfp, > charge_mm); > > so if we do end up in this path, we store the wrong page in the > shmem inode's page cache, and I would rather imagine that data > corruption ensues. > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] shmem: Update folio if shmem_replace_page() updates the page 2022-07-30 4:25 [PATCH] shmem: Update folio if shmem_replace_page() updates the page Matthew Wilcox (Oracle) 2022-08-03 0:46 ` Andrew Morton @ 2022-08-05 20:52 ` William Kucharski 2022-08-10 16:03 ` Hugh Dickins 2 siblings, 0 replies; 6+ messages in thread From: William Kucharski @ 2022-08-05 20:52 UTC (permalink / raw) To: Matthew Wilcox (Oracle) Cc: Hugh Dickins, Andrew Morton, linux-mm@kvack.org, linux-kernel@vger.kernel.org Looks good. Reviewed-by: William Kucharski <william.kucharski@oracle.com> > On Jul 29, 2022, at 10:25 PM, Matthew Wilcox (Oracle) <willy@infradead.org> wrote: > > If we allocate a new page, we need to make sure that our folio matches > that new page. This will be solved by changing shmem_replace_page() > to shmem_replace_folio(), but this is the minimal fix. > > Fixes: da08e9b79323 ("mm/shmem: convert shmem_swapin_page() to shmem_swapin_folio()") > Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> > --- > mm/shmem.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/mm/shmem.c b/mm/shmem.c > index a6f565308133..bcc0a3c7b5bf 100644 > --- a/mm/shmem.c > +++ b/mm/shmem.c > @@ -1771,6 +1771,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, > > if (shmem_should_replace_folio(folio, gfp)) { > error = shmem_replace_page(&page, gfp, info, index); > + folio = page_folio(page); > if (error) > goto failed; > } > -- > 2.35.1 ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] shmem: Update folio if shmem_replace_page() updates the page 2022-07-30 4:25 [PATCH] shmem: Update folio if shmem_replace_page() updates the page Matthew Wilcox (Oracle) 2022-08-03 0:46 ` Andrew Morton 2022-08-05 20:52 ` William Kucharski @ 2022-08-10 16:03 ` Hugh Dickins 2 siblings, 0 replies; 6+ messages in thread From: Hugh Dickins @ 2022-08-10 16:03 UTC (permalink / raw) To: Matthew Wilcox (Oracle) Cc: Hugh Dickins, Andrew Morton, linux-mm, linux-kernel, Zdenek Kabelac On Sat, 30 Jul 2022, Matthew Wilcox (Oracle) wrote: > If we allocate a new page, we need to make sure that our folio matches > that new page. This will be solved by changing shmem_replace_page() > to shmem_replace_folio(), but this is the minimal fix. > > Fixes: da08e9b79323 ("mm/shmem: convert shmem_swapin_page() to shmem_swapin_folio()") > Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Acked-by: Hugh Dickins <hughd@google.com> I hit this myself just once, at about the very time you sent the fix. But, thinking that shmem_replace_page() was special for gma500, couldn't understand how I (or most people) would ever get there. Turns out that nowadays tmpfs symlinks longer than 128 can come this way on 32-bit (I had been testing kmap_local stuff for other reasons). And today I see that Zdenek hit it on 5.19-rc back in June: https://lore.kernel.org/lkml/584ae788-05e3-5824-8c85-cbb833677850@redhat.com/ so this patch is definitely one for -stable. Hugh > --- > mm/shmem.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/mm/shmem.c b/mm/shmem.c > index a6f565308133..bcc0a3c7b5bf 100644 > --- a/mm/shmem.c > +++ b/mm/shmem.c > @@ -1771,6 +1771,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, > > if (shmem_should_replace_folio(folio, gfp)) { > error = shmem_replace_page(&page, gfp, info, index); > + folio = page_folio(page); > if (error) > goto failed; > } > -- > 2.35.1 ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-08-10 16:03 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2022-07-30 4:25 [PATCH] shmem: Update folio if shmem_replace_page() updates the page Matthew Wilcox (Oracle) 2022-08-03 0:46 ` Andrew Morton 2022-08-03 3:17 ` Matthew Wilcox 2022-08-05 20:34 ` William Kucharski 2022-08-05 20:52 ` William Kucharski 2022-08-10 16:03 ` Hugh Dickins
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).