Hi, Miaohe, Miaohe Lin <linmiaohe@xxxxxxxxxx> writes: > Hi all, > I am investigating the swap code, and I found the below possible race window: > > CPU 1 CPU 2 > ----- ----- > do_swap_page > skip swapcache case (synchronous swap_readpage) > alloc_page_vma > swapoff > release swap_file, bdev, or ... > swap_readpage > check sis->flags is ok > access swap_file, bdev or ...[oops!] > si->flags = 0 > > The swapcache case is ok because swapoff will wait on the page_lock of swapcache page. > Is this will really happen or Am I miss something ? > Any reply would be really grateful. Thanks! :) This appears possible. Even for swapcache case, we can't guarantee the swap entry gotten from the page table is always valid too. The underlying swap device can be swapped off at the same time. So we use get/put_swap_device() for that. Maybe we need similar stuff here. Best Regards, Huang, Ying
