On Thu, 14 Dec 2023 04:58:41 +0000 "Matthew Wilcox (Oracle)" <willy@xxxxxxxxxxxxx> wrote:

> From: Charan Teja Kalla <quic_charante@xxxxxxxxxxx>
>
> Large folios occupy N consecutive entries in the swap cache
> instead of using multi-index entries like the page cache.
> However, if a large folio is re-added to the LRU list, it can
> be migrated. The migration code was not aware of the difference
> between the swap cache and the page cache and assumed that a single
> xas_store() would be sufficient.
>
> This leaves potentially many stale pointers to the now-migrated folio
> in the swap cache, which can lead to almost arbitrary data corruption
> in the future. This can also manifest as infinite loops with the
> RCU read lock held.
>
> Signed-off-by: Charan Teja Kalla <quic_charante@xxxxxxxxxxx>
> [modifications to the changelog & tweaked the fix]
> Signed-off-by: Matthew Wilcox (Oracle) <willy@xxxxxxxxxxxxx>

I'm thinking

Fixes: 3417013e0d183be ("mm/migrate: Add folio_migrate_mapping()")

hence

Cc: <stable@xxxxxxxxxxxxxxx>

And also

Reported-by: Charan Teja Kalla <quic_charante@xxxxxxxxxxx>
Closes: https://lkml.kernel.org/r/1700569840-17327-1-git-send-email-quic_charante@xxxxxxxxxxx
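
The stale-pointer condition the quoted changelog describes, as an added userspace model that is not kernel code and not part of this thread: a flat array stands in for the swap cache, and `store_range`, `count_refs` and `stale_after_migration` are hypothetical names. Replacing every slot is an assumption about what the fix has to achieve; the patch itself is not shown on this page.

```c
#include <stdio.h>
#include <stddef.h>

#define SLOTS 16
struct folio { int id; unsigned nr_pages; };

/* Toy swap cache: one slot per page, so a large folio fills nr_pages slots. */
static struct folio *swap_cache[SLOTS];

/* Point `count` consecutive slots starting at `index` to folio `f`. */
static void store_range(struct folio *f, size_t index, unsigned count)
{
    for (unsigned i = 0; i < count; i++)
        swap_cache[index + i] = f;
}

/* Number of slots that still reference folio `f`. */
static unsigned count_refs(const struct folio *f)
{
    unsigned n = 0;
    for (size_t i = 0; i < SLOTS; i++)
        if (swap_cache[i] == f)
            n++;
    return n;
}

/* Migrate an nr_pages folio and return how many slots still point at the
 * old folio. store_every_slot == 0 models the single store in the report. */
unsigned stale_after_migration(int store_every_slot, unsigned nr_pages)
{
    struct folio old = { 1, nr_pages }, dst = { 2, nr_pages };
    size_t index = 4; /* constructed sample position in the cache */

    store_range(NULL, 0, SLOTS);        /* start from an empty cache */
    store_range(&old, index, nr_pages); /* N consecutive entries */
    /* Migration: one store (buggy model) or one store per entry. */
    store_range(&dst, index, store_every_slot ? nr_pages : 1);
    return count_refs(&old);
}

int main(void)
{
    printf("single store, 8 pages: %u stale\n", stale_after_migration(0, 8));
    printf("store per slot, 8 pages: %u stale\n", stale_after_migration(1, 8));
    return 0;
}
```

With a single-page folio the two paths are equivalent, which is why the model only shows stale entries for large folios.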