On Mon, Feb 26, 2024 at 10:16:47PM +0000, Yosry Ahmed wrote: > In zswap_writeback_entry(), after we get a folio from > __read_swap_cache_async(), we grab the tree lock again to check that the > swap entry was not invalidated and recycled. If it was, we delete the > folio we just added to the swap cache and exit. > > However, __read_swap_cache_async() returns the folio locked when it is > newly allocated, which is always true for this path, and the folio is > ref'd. Make sure to unlock and put the folio before returning. > > This was discovered by code inspection, probably because this path handles > a race condition that should not happen often, and the bug would not crash > the system, it will only strand the folio indefinitely. > > Link: https://lkml.kernel.org/r/20240125085127.1327013-1-yosryahmed@xxxxxxxxxx > Fixes: 04fc7816089c ("mm: fix zswap writeback race condition") > Signed-off-by: Yosry Ahmed <yosryahmed@xxxxxxxxxx> > Reviewed-by: Chengming Zhou <zhouchengming@xxxxxxxxxxxxx> > Acked-by: Johannes Weiner <hannes@xxxxxxxxxxx> > Reviewed-by: Nhat Pham <nphamcs@xxxxxxxxx> > Cc: Domenico Cerasuolo <cerasuolodomenico@xxxxxxxxx> > Cc: <stable@xxxxxxxxxxxxxxx> > Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> > (cherry picked from commit e3b63e966cac0bf78aaa1efede1827a252815a1d) > Signed-off-by: Yosry Ahmed <yosryahmed@xxxxxxxxxx> > --- > mm/zswap.c | 2 ++ > 1 file changed, 2 insertions(+) Now queued up, thanks. greg k-h