| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3d07c68f-da11-43d8-a2da-6b200b2fa40a@linux.alibaba.com>
Date: Sat, 7 Jun 2025 14:11:41 +0800
From: Baolin Wang <baolin.wang@...ux.alibaba.com>
To: Kemeng Shi <shikemeng@...weicloud.com>, hughd@...gle.com,
willy@...radead.org, akpm@...ux-foundation.org
Cc: linux-mm@...ck.org, linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH 1/7] mm: shmem: correctly pass alloced parameter to
shmem_recalc_inode() to avoid WARN_ON()
On 2025/6/6 06:10, Kemeng Shi wrote:
> As noted in the comments, we need to release block usage for swap entry
> which was replaced with poisoned swap entry. However, no block usage is
> actually freed by calling shmem_recalc_inode(inode, -nr_pages, -nr_pages).
> Instead, call shmem_recalc_inode(inode, 0, -nr_pages) can correctly release
> the block usage.
>
> Fixes: 6cec2b95dadf7 ("mm/shmem: fix infinite loop when swap in shmem error at swapoff time")
> Signed-off-by: Kemeng Shi <shikemeng@...weicloud.com>
> ---
> mm/shmem.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/shmem.c b/mm/shmem.c
> index 4b42419ce6b2..e27d19867e03 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -2145,7 +2145,7 @@ static void shmem_set_folio_swapin_error(struct inode *inode, pgoff_t index,
> * won't be 0 when inode is released and thus trigger WARN_ON(i_blocks)
> * in shmem_evict_inode().
> */
> - shmem_recalc_inode(inode, -nr_pages, -nr_pages);
> + shmem_recalc_inode(inode, 0, -nr_pages);
> swap_free_nr(swap, nr_pages);
> }
Have you tested your patch? When I inject an error to test your patch,
the following issue will be triggered:
[ 127.173330] ------------[ cut here ]------------
[ 127.173331] WARNING: CPU: 13 PID: 6860 at mm/shmem.c:1388
shmem_evict_inode+0xf0/0x348
[ 127.173920] CPU: 13 UID: 0 PID: 6860 Comm: shmem_swapin_er Kdump:
loaded Tainted: G E 6.15.0-rc6+ #54 VOLUNTARY
[ 127.173925] pstate: 63401005 (nZCv daif +PAN -UAO +TCO +DIT +SSBS
BTYPE=--)
[ 127.173927] pc : shmem_evict_inode+0xf0/0x348
[ 127.173929] lr : shmem_evict_inode+0x68/0x348
[ 127.173931] sp : ffff8000895639e0
[ 127.173932] x29: ffff8000895639e0 x28: 0000000000000006 x27:
ffff00013754bfc0
[ 127.173935] x26: ffff800080d8f160 x25: 0000000000000006 x24:
ffff0000c0aab440
[ 127.173937] x23: ffff00013754b780 x22: ffff00013754b780 x21:
ffff0000cbc9c6b0
[ 127.173940] x20: ffff0000c0aab440 x19: ffff0000cbc9c700 x18:
0000000000000030
[ 127.173942] x17: 0000ffffa1f4cfff x16: 0000000000000003 x15:
0000000000001000
[ 127.173945] x14: 00000000ffffffff x13: 0000000000000004 x12:
ffff800089563108
[ 127.173947] x11: 0000000000000000 x10: 0000000000000002 x9 :
ffff800080352080
[ 127.173949] x8 : fffffffffffffffe x7 : ffff800089563700 x6 :
0000000000000001
[ 127.173952] x5 : 0000000000000004 x4 : 0000000000000002 x3 :
0000000000000002
[ 127.173954] x2 : 0000000000000000 x1 : 0000000000000000 x0 :
ffffffffffffff80
[ 127.173957] Call trace:
[ 127.173958] shmem_evict_inode+0xf0/0x348 (P)
[ 127.173961] evict+0x1c8/0x2c8
[ 127.173964] iput_final+0x84/0x1a0
[ 127.173966] iput.part.0+0xd0/0xf0
[ 127.173968] iput+0x20/0x38
[ 127.173971] dentry_unlink_inode+0xc0/0x158
[ 127.173973] __dentry_kill+0x80/0x248
[ 127.173974] dput+0xf0/0x240
[ 127.173976] __fput+0x120/0x2f0
[ 127.173978] ____fput+0x18/0x28
[ 127.173980] task_work_run+0x88/0x120
[ 127.173983] do_exit+0x198/0x3c0
[ 127.173986] do_group_exit+0x38/0xa0
[ 127.173987] get_signal+0x6ac/0x6b8
[ 127.173990] do_signal+0x100/0x208
[ 127.173991] do_notify_resume+0xc8/0x158
[ 127.173994] el0_da+0xbc/0xc0
[ 127.173997] el0t_64_sync_handler+0x70/0xc8
[ 127.173999] el0t_64_sync+0x154/0x158
[ 127.174001] ---[ end trace 0000000000000000 ]---
Powered by blists - more mailing lists