[PATCH] mm: call swap_slot_free_notify with holding page lock

From: Minchan Kim
Date: Mon Mar 28 2016 - 10:08:14 EST

Next message: Pratyush Anand: "Re: [PATCH v14 3/4] ARM64: add SBSA Generic Watchdog device node in amd-seattle-soc.dtsi"
Previous message: Josef Bacik: "Re: btrfs_destroy_inode WARN_ON."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Kyeongdon reported below error which is BUG_ON(!PageSwapCache(page))
in page_swap_info.
The reason is that page_endio in rw_page unlocks the page if read I/O
is completed so we need to hold a PG_lock again to check PageSwapCache.
Otherwise, the page can be removed from swapcache and trigger below
BUG_ON.

[27833.995833] ------------[ cut here ]------------
[27833.995853] Kernel BUG at c00f9040 [verbose debug info unavailable]
[27833.995865] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
[27833.995876] Modules linked in:
[27833.995892] CPU: 4 PID: 13446 Comm: RenderThread Tainted: G W
3.10.84-g9f14aec-dirty #73
[27833.995903] task: c3b73200 ti: dd192000 task.ti: dd192000
[27833.995922] PC is at page_swap_info+0x10/0x2c
[27833.995934] LR is at swap_slot_free_notify+0x18/0x6c
[27833.995946] pc : [<c00f9040>] lr : [<c00f5560>] psr: 400f0113
[27833.995946] sp : dd193d78 ip : c2deb1e4 fp : da015180
[27833.995959] r10: 00000000 r9 : 000200da r8 : c120fe08
[27833.995968] r7 : 00000000 r6 : 00000000 r5 : c249a6c0 r4 : =
c249a6c0
[27833.995979] r3 : 00000000 r2 : 40080009 r1 : 200f0113 r0 : =
c249a6c0
..<snip>
[27833.996273] [<c00f9040>] (page_swap_info+0x10/0x2c) from [<c00f5560>]
(swap_slot_free_notify+0x18/0x6c)
[27833.996288] [<c00f5560>] (swap_slot_free_notify+0x18/0x6c) from
[<c00f5c5c>] (swap_readpage+0x90/0x11c)
[27833.996302] [<c00f5c5c>] (swap_readpage+0x90/0x11c) from [<c00f62dc>]
(read_swap_cache_async+0x134/0x1ac)
[27833.996317] [<c00f62dc>] (read_swap_cache_async+0x134/0x1ac) from
[<c00f63c4>] (swapin_readahead+0x70/0xb0)
[27833.996334] [<c00f63c4>] (swapin_readahead+0x70/0xb0) from =
[<c00e87e0>]
(handle_pte_fault+0x320/0x6fc)
[27833.996348] [<c00e87e0>] (handle_pte_fault+0x320/0x6fc) from
[<c00e8c7c>] (handle_mm_fault+0xc0/0xf0)
[27833.996363] [<c00e8c7c>] (handle_mm_fault+0xc0/0xf0) from =
[<c001ac18>]
(do_page_fault+0x11c/0x36c)
[27833.996378] [<c001ac18>] (do_page_fault+0x11c/0x36c) from =
[<c000838c>]
(do_DataAbort+0x34/0x118)
[27833.996392] [<c000838c>] (do_DataAbort+0x34/0x118) from [<c000d8b4>]
(__dabt_usr+0x34/0x40)

Reported-by: Kyeongdon Kim <kyeongdon.kim@xxxxxxx>
Signed-off-by: Minchan Kim <minchan@xxxxxxxxxx>
---
mm/page_io.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/mm/page_io.c b/mm/page_io.c
index 18aac7819cc9..57e279b71695 100644
--- a/mm/page_io.c
+++ b/mm/page_io.c
@@ -353,7 +353,11 @@ int swap_readpage(struct page *page)

ret = bdev_read_page(sis->bdev, swap_page_sector(page), page);
if (!ret) {
- swap_slot_free_notify(page);
+ if (trylock_page(page)) {
+ swap_slot_free_notify(page);
+ unlock_page(page);
+ }
+
count_vm_event(PSWPIN);
return 0;
}
--
1.9.1

Next message: Pratyush Anand: "Re: [PATCH v14 3/4] ARM64: add SBSA Generic Watchdog device node in amd-seattle-soc.dtsi"
Previous message: Josef Bacik: "Re: btrfs_destroy_inode WARN_ON."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]