Re: [PATCH RFC] mm: Fix kernel BUG when userfaultfd_move encounters swapcache

From: Peter Xu
Date: Wed Feb 19 2025 - 17:31:57 EST

Next message: Thinh Nguyen: "Re: [PATCH v3] usb: dwc3: gadget: Prevent irq storm when TH re-executes"
Previous message: Namhyung Kim: "Re: [PATCH v1] perf parse-events: Tidy name token matching"
In reply to: Lokesh Gidra: "Re: [PATCH RFC] mm: Fix kernel BUG when userfaultfd_move encounters swapcache"
Next in thread: Barry Song: "Re: [PATCH RFC] mm: Fix kernel BUG when userfaultfd_move encounters swapcache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Feb 20, 2025 at 12:25:19AM +1300, Barry Song wrote:
> @@ -1079,9 +1080,19 @@ static int move_swap_pte(struct mm_struct *mm,
> pmd_t *dst_pmd, pmd_t dst_pmdval,
> spinlock_t *dst_ptl, spinlock_t *src_ptl)
> {
> + struct folio *folio;
> + swp_entry_t entry;
> +
> if (!pte_swp_exclusive(orig_src_pte))
> return -EBUSY;
>
> + entry = pte_to_swp_entry(orig_src_pte);
> + folio = filemap_get_folio(swap_address_space(entry), swap_cache_index(entry));

[Besides what's being discussed elsewhere..]

swap_cache_get_folio() says:

* Caller must lock the swap device or hold a reference to keep it valid.

Do we need get_swap_device() too here to avoid swapoff race?

> + if (!IS_ERR(folio)) {
> + folio_put(folio);
> + return -EBUSY;
> + }
> +
> double_pt_lock(dst_ptl, src_ptl);
>
> if (!is_pte_pages_stable(dst_pte, src_pte, orig_dst_pte, orig_src_pte,
> --
> 2.39.3 (Apple Git-146)
>

--
Peter Xu

Next message: Thinh Nguyen: "Re: [PATCH v3] usb: dwc3: gadget: Prevent irq storm when TH re-executes"
Previous message: Namhyung Kim: "Re: [PATCH v1] perf parse-events: Tidy name token matching"
In reply to: Lokesh Gidra: "Re: [PATCH RFC] mm: Fix kernel BUG when userfaultfd_move encounters swapcache"
Next in thread: Barry Song: "Re: [PATCH RFC] mm: Fix kernel BUG when userfaultfd_move encounters swapcache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]