Re: [PATCH RFC] mm: Fix kernel BUG when userfaultfd_move encounters swapcache
From: Peter Xu
Date: Wed Feb 19 2025 - 17:31:57 EST
On Thu, Feb 20, 2025 at 12:25:19AM +1300, Barry Song wrote:
> @@ -1079,9 +1080,19 @@ static int move_swap_pte(struct mm_struct *mm,
> pmd_t *dst_pmd, pmd_t dst_pmdval,
> spinlock_t *dst_ptl, spinlock_t *src_ptl)
> {
> + struct folio *folio;
> + swp_entry_t entry;
> +
> if (!pte_swp_exclusive(orig_src_pte))
> return -EBUSY;
>
> + entry = pte_to_swp_entry(orig_src_pte);
> + folio = filemap_get_folio(swap_address_space(entry), swap_cache_index(entry));
[Besides what's being discussed elsewhere..]
swap_cache_get_folio() says:
* Caller must lock the swap device or hold a reference to keep it valid.
Do we need get_swap_device() too here to avoid swapoff race?
> + if (!IS_ERR(folio)) {
> + folio_put(folio);
> + return -EBUSY;
> + }
> +
> double_pt_lock(dst_ptl, src_ptl);
>
> if (!is_pte_pages_stable(dst_pte, src_pte, orig_dst_pte, orig_src_pte,
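Review bot: the swap cache lookup is done before double_pt_lock() is taken, so a folio can be inserted into the swap cache for `entry` between the filemap_get_folio() check and the locked move; the later is_pte_pages_stable() check only catches a changed PTE, not a swapcache insertion that leaves the PTE as-is. Consider moving the lookup under the PTE locks, or re-checking the swap cache after double_pt_lock() succeeds, and pair it with a get_swap_device()/put_swap_device() around the lookup so the swap_info is pinned against swapoff while swap_address_space(entry) is dereferenced.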
> --
> 2.39.3 (Apple Git-146)
>
--
Peter Xu