I analysied the code about swapoff and swapout, and I suspected there may be a race.
The kernel version is 4.14 stable.
CPU0 CPU1
swapoff swap out
add_to_swap
get_swap_page
...... get_swap_pages
spin_lock(&swap_avail_lock)
get swap_info_struct
spin_unlock(&swap_avail_lock)
spin_lock(&swap_avail_lock)
__def_from_avail_list(swap_info_struct)
spin_unlock(&swap_avail_lock) ......
try_to_unuse // unuse all slot
/* get a free slot from swap_info_struct,
* and write data to slot later
*/
scan_swap_map_slots
free swap_info_struct
.......
If CPU1 get the swap_info_struct first, then CPU0 delete it from list and
unuse all slot in swap_info_struct, before CPU0 free swap_info_struct CPU1
call scan_swap_map_slots to alloc a free slot.
I am not sure the analysis above is correct,
Please let me know if there is any mistake
Thanks
ChenWandun
