| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 23 Jul 2021 13:23:07 -0700 (PDT)
From: Hugh Dickins <hughd@...gle.com>
To: Huang Ying <ying.huang@...el.com>
cc: Andrew Morton <akpm@...ux-foundation.org>,
David Hildenbrand <david@...hat.com>,
Yang Shi <shy828301@...il.com>, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, Miaohe Lin <linmiaohe@...wei.com>,
Hugh Dickins <hughd@...gle.com>,
Johannes Weiner <hannes@...xchg.org>,
Michal Hocko <mhocko@...e.com>,
Joonsoo Kim <iamjoonsoo.kim@....com>,
Matthew Wilcox <willy@...radead.org>,
Minchan Kim <minchan@...nel.org>
Subject: Re: [PATCH] mm,shmem: Fix a typo in shmem_swapin_page()
On Fri, 23 Jul 2021, Huang Ying wrote:
> "-" is missing before "EINVAL".
>
> Fixes: 2efa33fc7f6e ("mm/shmem: fix shmem_swapin() race with swapoff")
> Signed-off-by: "Huang, Ying" <ying.huang@...el.com>
> Cc: Miaohe Lin <linmiaohe@...wei.com>
> Cc: Hugh Dickins <hughd@...gle.com>
> Cc: Johannes Weiner <hannes@...xchg.org>
> Cc: Michal Hocko <mhocko@...e.com>
> Cc: Joonsoo Kim <iamjoonsoo.kim@....com>
> Cc: Matthew Wilcox <willy@...radead.org>
> Cc: Minchan Kim <minchan@...nel.org>
> ---
> mm/shmem.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/shmem.c b/mm/shmem.c
> index 9af4b2173fe9..e201a3ba12fa 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -1708,7 +1708,7 @@ static int shmem_swapin_page(struct inode *inode, pgoff_t index,
> /* Prevent swapoff from happening to us. */
> si = get_swap_device(swap);
> if (!si) {
> - error = EINVAL;
> + error = -EINVAL;
> goto failed;
> }
> /* Look it up and read it in.. */
> --
> 2.30.2
Thanks for catching that; and as David says, it's worse than a typo.
But this is not the right fix:
2efa33fc7f6e ("mm/shmem: fix shmem_swapin() race with swapoff")
needs to be reverted.
It's been on my pile to look at for weeks: now I look at it and see
it's just a bad patch. Over-enthusiastic stablehands already rushed
it out, I was wary, and reverts are already in -rc for 5.13 and 5.10,
phew, but 5.12.19 EOL is stuck with it unfortunately, oh well.
I was wary because, if the (never observed) race to be fixed is in
swap_cluster_readahead(), why was shmem_swapin_page() being patched?
Not explained in its commit message, probably a misunderstanding of
how mm/shmem.c already manages races (and prefers not to be involved
in swap_info_struct stuff).
But why do I now say it's bad? Because even if you correct the EINVAL
to -EINVAL, that's an unexpected error: -EEXIST is common, -ENOMEM is
not surprising, -ENOSPC can need consideration, but -EIO and anything
else just end up as SIGBUS when faulting (or as error from syscall).
So, 2efa33fc7f6e converts a race with swapoff to SIGBUS: not good,
and I think much more likely than the race to be fixed (since
swapoff's percpu_ref_kill() rightly comes before synchronize_rcu()).
2efa33fc7f6e was intending to fix a race introduced by two-year-old
8fd2e0b505d1 ("mm: swap: check if swap backing device is congested
or not"), which added a call to inode_read_congested(). Certainly
relying on si->swap_file->f_mapping->host there was new territory:
whether actually racy I'm not sure offhand - I've forgotten whether
synchronize_rcu() waits for preempted tasks or not.
But if it is racy, then I wonder if the right fix might be to revert
8fd2e0b505d1 too. Convincing numbers were offered for it, but I'm
puzzled: because Matthew has in the past noted that the block layer
broke and further broke bdi congestion tracking (I don't know the
relevant release numbers), so I don't understand how checking
inode_read_congested() is actually useful there nowadays.
No need to hurry to a conclusion on 8fd2e0b505d1;
but 2efa33fc7f6e should definitely be reverted.
Thanks,
Hugh
Powered by blists - more mailing lists