The patch titled
Subject: mm: fix list corruption in put_pages_list
has been added to the -mm mm-unstable branch. Its filename is
mm-fix-list-corruption-in-put_pages_list.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/mm-fix-list-corruption-in-put_pages_list.patch
This patch will later appear in the mm-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: "Matthew Wilcox (Oracle)" <willy@xxxxxxxxxxxxx>
Subject: mm: fix list corruption in put_pages_list
Date: Wed, 6 Mar 2024 21:27:30 +0000
My recent change to put_pages_list() dereferences folio->lru.next after
returning the folio to the page allocator. Usually this is now on the pcp
list with other free folios, so we try to free an already-free folio.
This only happens with lists that have more than 15 entries, so it wasn't
immediately discovered. Revert to using list_for_each_safe() so we
dereference lru.next before disposing of the folio.
Link: https://lkml.kernel.org/r/20240306212749.1823380-1-willy@xxxxxxxxxxxxx
Fixes: 24835f899c01 ("mm: use free_unref_folios() in put_pages_list()")
Signed-off-by: Matthew Wilcox (Oracle) <willy@xxxxxxxxxxxxx>
Reported-by: "Borah, Chaitanya Kumar" <chaitanya.kumar.borah@xxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
mm/swap.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/mm/swap.c~mm-fix-list-corruption-in-put_pages_list
+++ a/mm/swap.c
@@ -152,10 +152,10 @@ EXPORT_SYMBOL(__folio_put);
void put_pages_list(struct list_head *pages)
{
struct folio_batch fbatch;
- struct folio *folio;
+ struct folio *folio, *next;
folio_batch_init(&fbatch);
- list_for_each_entry(folio, pages, lru) {
+ list_for_each_entry_safe(folio, next, pages, lru) {
if (!folio_put_testzero(folio))
continue;
if (folio_test_large(folio)) {
_
Patches currently in -mm which might be from willy@xxxxxxxxxxxxx are
mm-fix-list-corruption-in-put_pages_list.patch
