On Wed, Sep 23, 2020 at 10:21:36AM +0800, Huang, Ying wrote:
> Hi, Rafael,
>
> Rafael Aquini <aquini@xxxxxxxxxx> writes:
>
> > The swap area descriptor only gets struct swap_cluster_info *cluster_info
> > allocated if the swapfile is backed by non-rotational storage.
> > When the swap area is laid on top of ordinary disk spindles, lock_cluster()
> > will naturally return NULL.
>
> Thanks for reporting. But the bug looks strange. Because in a system
> with only HDD swap devices, during THP swap out, the swap cluster
> shouldn't be allocated, as in
>
> shrink_page_list()
> add_to_swap()
> get_swap_page()
> get_swap_pages()
> swap_alloc_cluster()
>
The underlying problem is that swap_info_struct.cluster_info is always NULL
on the rotational storage case. So, it's very easy to follow that constructions
like this one, in split_swap_cluster
...
ci = lock_cluster(si, offset);
cluster_clear_huge(ci);
...
will go for a NULL pointer dereference, in that case, given that lock_cluster
reads:
...
struct swap_cluster_info *ci;
ci = si->cluster_info;
if (ci) {
ci += offset / SWAPFILE_CLUSTER;
spin_lock(&ci->lock);
}
return ci;
...
