On 2022/5/10 14:17, HORIGUCHI NAOYA(堀口 直也) wrote: > On Sun, Apr 24, 2022 at 05:11:03PM +0800, Miaohe Lin wrote: >> There is a bug in unuse_pte(): when swap page happens to be unreadable, >> page filled with random data is mapped into user address space. In case >> of error, a special swap entry indicating swap read fails is set to the >> page table. So the swapcache page can be freed and the user won't end up >> with a permanently mounted swap because a sector is bad. And if the page >> is accessed later, the user process will be killed so that corrupted data >> is never consumed. On the other hand, if the page is never accessed, the >> user won't even notice it. >> >> Signed-off-by: Miaohe Lin <linmiaohe@xxxxxxxxxx> >> Acked-by: David Hildenbrand <david@xxxxxxxxxx> > > When I reproduced the issue (generated read error with dm-dust), I saw > infinite loop in the while loop in shmem_unuse_inode() (and this happens > even with this patch). I confirmed that shmem_swapin_page() returns -EIO, > but shmem_unuse_swap_entries() does not return the error to the callers, > so the while loop in shmem_unuse_inode() seems not break. In the current implementation, try_to_unuse will keep trying to do shmem_unuse unless -ENOMEM is returned from shmem_swapin_folio. This could be easily fixed by return -EIO when swapin error occurs. But the user will end up with a permanently mounted swap just because a sector was bad. One alternative is inventing a way to proceed the swapoff while preventing user from accessing the wrong data. But this might complicate the code a lot and I need to learn more about shmem. Any suggestion will be really grateful! Thanks! :) > > So maybe you need more code around shmem_unuse_inode() to handle the error? > > Thanks, > Naoya Horiguchi >
