[patch 09/20] mm: fix the page_swap_info() BUG_ON check

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Santosh Shilimkar <santosh.shilimkar@xxxxxxxxxx>
Subject: mm: fix the page_swap_info() BUG_ON check

62c230bc1790 ("mm: add support for a filesystem to activate swap files and
use direct_IO for writing swap pages") replaced swap_aops dirty hook from
__set_page_dirty_no_writeback() to swap_set_page_dirty().  As such for
normal cases without these special SWP flags code path falls back to
__set_page_dirty_no_writeback() so behaviour is expected to be same as
before.

But swap_set_page_dirty() makes use of helper page_swap_info() to get
sis(swap_info_struct) to check for the flags like SWP_FILE, SWP_BLKDEV etc
as desired for those features.  This helper has
BUG_ON(!PageSwapCache(page)) which is racy and safe only for
set_page_dirty_lock() path.  For set_page_dirty() path which is often
needed for cases to be called from irq context, kswapd() can togele the
flag behind the back while the call is getting executed when system is low
on memory and heavy swapping is ongoing.

This ends up with undesired kernel panic.  Patch just moves the check
outside the helper to its users appropriately to fix kernel panic for the
described path.  Couple of users of helpers already take care of SwapCache
condition so I skipped them.

Link: http://lkml.kernel.org/r/1473460718-31013-1-git-send-email-santosh.shilimkar@xxxxxxxxxx
Signed-off-by: Santosh Shilimkar <santosh.shilimkar@xxxxxxxxxx>
Cc: Mel Gorman <mgorman@xxxxxxx>
Cc: Joe Perches <joe@xxxxxxxxxxx>
Cc: Peter Zijlstra <a.p.zijlstra@xxxxxxxxx>
Cc: Rik van Riel <riel@xxxxxxxxxx>
Cc: David S. Miller <davem@xxxxxxxxxxxxx>
Cc: Jens Axboe <axboe@xxxxxx>
Cc: Michal Hocko <mhocko@xxxxxxxx>
Cc: Hugh Dickins <hughd@xxxxxxxxxx>
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx>	[4.7.x]
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 mm/page_io.c  |    3 +++
 mm/swapfile.c |    1 -
 2 files changed, 3 insertions(+), 1 deletion(-)

diff -puN mm/page_io.c~mm-fix-the-page_swap_info-bug_on-check mm/page_io.c
--- a/mm/page_io.c~mm-fix-the-page_swap_info-bug_on-check
+++ a/mm/page_io.c
@@ -264,6 +264,7 @@ int __swap_writepage(struct page *page,
 	int ret;
 	struct swap_info_struct *sis = page_swap_info(page);
 
+	BUG_ON(!PageSwapCache(page));
 	if (sis->flags & SWP_FILE) {
 		struct kiocb kiocb;
 		struct file *swap_file = sis->swap_file;
@@ -337,6 +338,7 @@ int swap_readpage(struct page *page)
 	int ret = 0;
 	struct swap_info_struct *sis = page_swap_info(page);
 
+	BUG_ON(!PageSwapCache(page));
 	VM_BUG_ON_PAGE(!PageLocked(page), page);
 	VM_BUG_ON_PAGE(PageUptodate(page), page);
 	if (frontswap_load(page) == 0) {
@@ -386,6 +388,7 @@ int swap_set_page_dirty(struct page *pag
 
 	if (sis->flags & SWP_FILE) {
 		struct address_space *mapping = sis->swap_file->f_mapping;
+		BUG_ON(!PageSwapCache(page));
 		return mapping->a_ops->set_page_dirty(page);
 	} else {
 		return __set_page_dirty_no_writeback(page);
diff -puN mm/swapfile.c~mm-fix-the-page_swap_info-bug_on-check mm/swapfile.c
--- a/mm/swapfile.c~mm-fix-the-page_swap_info-bug_on-check
+++ a/mm/swapfile.c
@@ -2724,7 +2724,6 @@ int swapcache_prepare(swp_entry_t entry)
 struct swap_info_struct *page_swap_info(struct page *page)
 {
 	swp_entry_t swap = { .val = page_private(page) };
-	BUG_ON(!PageSwapCache(page));
 	return swap_info[swp_type(swap)];
 }
 
_
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel Archive]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]
  Powered by Linux