On Tue, Feb 27, 2024 at 12:58:27AM -0800, Yosry Ahmed wrote: > On Tue, Feb 27, 2024 at 12:55 AM Greg KH <greg@xxxxxxxxx> wrote: > > > > On Mon, Feb 26, 2024 at 10:10:17PM +0000, Yosry Ahmed wrote: > > > In zswap_writeback_entry(), after we get a folio from > > > __read_swap_cache_async(), we grab the tree lock again to check that the > > > swap entry was not invalidated and recycled. If it was, we delete the > > > folio we just added to the swap cache and exit. > > > > > > However, __read_swap_cache_async() returns the folio locked when it is > > > newly allocated, which is always true for this path, and the folio is > > > ref'd. Make sure to unlock and put the folio before returning. > > > > > > This was discovered by code inspection, probably because this path handles > > > a race condition that should not happen often, and the bug would not crash > > > the system, it will only strand the folio indefinitely. > > > > > > Link: https://lkml.kernel.org/r/20240125085127.1327013-1-yosryahmed@xxxxxxxxxx > > > Fixes: 04fc7816089c ("mm: fix zswap writeback race condition") > > > Signed-off-by: Yosry Ahmed <yosryahmed@xxxxxxxxxx> > > > Reviewed-by: Chengming Zhou <zhouchengming@xxxxxxxxxxxxx> > > > Acked-by: Johannes Weiner <hannes@xxxxxxxxxxx> > > > Reviewed-by: Nhat Pham <nphamcs@xxxxxxxxx> > > > Cc: Domenico Cerasuolo <cerasuolodomenico@xxxxxxxxx> > > > Cc: <stable@xxxxxxxxxxxxxxx> > > > Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> > > > (cherry picked from commit e3b63e966cac0bf78aaa1efede1827a252815a1d) > > > Signed-off-by: Yosry Ahmed <yosryahmed@xxxxxxxxxx> > > > > What tree is this for? > > This is for 6.6.y, sorry I messed up the subject prefix. Do I need to resend? Ah, here is the 6.6.y version, missed it, sorry for the noise. I'll go queue this and the 6.1.y version up now. thanks, greg k-h
