On 13.01.22 17:37, Linus Torvalds wrote:
> On Thu, Jan 13, 2022 at 6:39 AM Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote:
>>
>> Let's bring Linus in on this, but I think this reintroduces all of the
>> mapcount problems that we've been discussing recently.
>>
>> How about this as an alternative?
>
> No, at that point reuse_swap_page() is the better thing to do.
>
> Don't play games with page_count() (or even worse games with
> swap_count). The page count is only stable if it's 1. Any other value
> means that it can fluctuate due to concurrent lookups, some of which
> can be done locklessly under RCU.

I'm pretty sure the patch as is will reintroduce the CVE. So I think in
addition to the reuse_swap_page() check we need more.

I'm wondering if we can get rid of the mapcount checks in
reuse_swap_page() and instead check for page_count() and swapcount only.

We don't care if it's unstable in a sense that it will be bigger than
what we expect. In that case we COW as we would already do.

Thoughts?

--
Thanks,

David / dhildenb