* [PATCH] shmem: Update folio if shmem_replace_page() updates the page
@ 2022-07-30 4:25 Matthew Wilcox (Oracle)
2022-08-03 0:46 ` Andrew Morton
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Matthew Wilcox (Oracle) @ 2022-07-30 4:25 UTC (permalink / raw)
To: Hugh Dickins, Andrew Morton
Cc: Matthew Wilcox (Oracle), linux-mm, linux-kernel
If we allocate a new page, we need to make sure that our folio matches
that new page. This will be solved by changing shmem_replace_page()
to shmem_replace_folio(), but this is the minimal fix.
Fixes: da08e9b79323 ("mm/shmem: convert shmem_swapin_page() to shmem_swapin_folio()")
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
---
mm/shmem.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/mm/shmem.c b/mm/shmem.c
index a6f565308133..bcc0a3c7b5bf 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1771,6 +1771,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index,
if (shmem_should_replace_folio(folio, gfp)) {
error = shmem_replace_page(&page, gfp, info, index);
+ folio = page_folio(page);
if (error)
goto failed;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] shmem: Update folio if shmem_replace_page() updates the page
2022-07-30 4:25 [PATCH] shmem: Update folio if shmem_replace_page() updates the page Matthew Wilcox (Oracle)
@ 2022-08-03 0:46 ` Andrew Morton
2022-08-03 3:17 ` Matthew Wilcox
2022-08-05 20:52 ` William Kucharski
2022-08-10 16:03 ` Hugh Dickins
2 siblings, 1 reply; 6+ messages in thread
From: Andrew Morton @ 2022-08-03 0:46 UTC (permalink / raw)
To: Matthew Wilcox (Oracle); +Cc: Hugh Dickins, linux-mm, linux-kernel
On Sat, 30 Jul 2022 05:25:18 +0100 "Matthew Wilcox (Oracle)" <willy@infradead.org> wrote:
> If we allocate a new page, we need to make sure that our folio matches
> that new page. This will be solved by changing shmem_replace_page()
> to shmem_replace_folio(), but this is the minimal fix.
>
> ...
>
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -1771,6 +1771,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index,
>
> if (shmem_should_replace_folio(folio, gfp)) {
> error = shmem_replace_page(&page, gfp, info, index);
> + folio = page_folio(page);
> if (error)
> goto failed;
> }
What are the user-visible runtime effects of the bug?
Should we backport this into 5.19.X?
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] shmem: Update folio if shmem_replace_page() updates the page
2022-08-03 0:46 ` Andrew Morton
@ 2022-08-03 3:17 ` Matthew Wilcox
2022-08-05 20:34 ` William Kucharski
0 siblings, 1 reply; 6+ messages in thread
From: Matthew Wilcox @ 2022-08-03 3:17 UTC (permalink / raw)
To: Andrew Morton; +Cc: Hugh Dickins, linux-mm, linux-kernel
On Tue, Aug 02, 2022 at 05:46:37PM -0700, Andrew Morton wrote:
> On Sat, 30 Jul 2022 05:25:18 +0100 "Matthew Wilcox (Oracle)" <willy@infradead.org> wrote:
>
> > If we allocate a new page, we need to make sure that our folio matches
> > that new page. This will be solved by changing shmem_replace_page()
> > to shmem_replace_folio(), but this is the minimal fix.
> >
> > ...
> >
> > --- a/mm/shmem.c
> > +++ b/mm/shmem.c
> > @@ -1771,6 +1771,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index,
> >
> > if (shmem_should_replace_folio(folio, gfp)) {
> > error = shmem_replace_page(&page, gfp, info, index);
> > + folio = page_folio(page);
> > if (error)
> > goto failed;
> > }
>
> What are the user-visible runtime effects of the bug?
>
> Should we backport this into 5.19.X?
Definitely should be backported. The next line not visible in this
patch context says:
error = shmem_add_to_page_cache(folio, mapping, index,
swp_to_radix_entry(swap), gfp,
charge_mm);
so if we do end up in this path, we store the wrong page in the
shmem inode's page cache, and I would rather imagine that data
corruption ensues.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] shmem: Update folio if shmem_replace_page() updates the page
2022-08-03 3:17 ` Matthew Wilcox
@ 2022-08-05 20:34 ` William Kucharski
0 siblings, 0 replies; 6+ messages in thread
From: William Kucharski @ 2022-08-05 20:34 UTC (permalink / raw)
To: Matthew Wilcox; +Cc: Andrew Morton, Hugh Dickins, linux-mm, linux-kernel
Looks good.
Reviewed-by: William Kucharski <william.kucharski@oracle.com>
> On Aug 2, 2022, at 21:18, Matthew Wilcox <willy@infradead.org> wrote:
>
> On Tue, Aug 02, 2022 at 05:46:37PM -0700, Andrew Morton wrote:
>>> On Sat, 30 Jul 2022 05:25:18 +0100 "Matthew Wilcox (Oracle)" <willy@infradead.org> wrote:
>>>
>>> If we allocate a new page, we need to make sure that our folio matches
>>> that new page. This will be solved by changing shmem_replace_page()
>>> to shmem_replace_folio(), but this is the minimal fix.
>>>
>>> ...
>>>
>>> --- a/mm/shmem.c
>>> +++ b/mm/shmem.c
>>> @@ -1771,6 +1771,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index,
>>>
>>> if (shmem_should_replace_folio(folio, gfp)) {
>>> error = shmem_replace_page(&page, gfp, info, index);
>>> + folio = page_folio(page);
>>> if (error)
>>> goto failed;
>>> }
>>
>> What are the user-visible runtime effects of the bug?
>>
>> Should we backport this into 5.19.X?
>
> Definitely should be backported. The next line not visible in this
> patch context says:
>
> error = shmem_add_to_page_cache(folio, mapping, index,
> swp_to_radix_entry(swap), gfp,
> charge_mm);
>
> so if we do end up in this path, we store the wrong page in the
> shmem inode's page cache, and I would rather imagine that data
> corruption ensues.
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] shmem: Update folio if shmem_replace_page() updates the page
2022-07-30 4:25 [PATCH] shmem: Update folio if shmem_replace_page() updates the page Matthew Wilcox (Oracle)
2022-08-03 0:46 ` Andrew Morton
@ 2022-08-05 20:52 ` William Kucharski
2022-08-10 16:03 ` Hugh Dickins
2 siblings, 0 replies; 6+ messages in thread
From: William Kucharski @ 2022-08-05 20:52 UTC (permalink / raw)
To: Matthew Wilcox (Oracle)
Cc: Hugh Dickins, Andrew Morton, linux-mm, linux-kernel
Looks good.
Reviewed-by: William Kucharski <william.kucharski@oracle.com>
> On Jul 29, 2022, at 10:25 PM, Matthew Wilcox (Oracle) <willy@infradead.org> wrote:
>
> If we allocate a new page, we need to make sure that our folio matches
> that new page. This will be solved by changing shmem_replace_page()
> to shmem_replace_folio(), but this is the minimal fix.
>
> Fixes: da08e9b79323 ("mm/shmem: convert shmem_swapin_page() to shmem_swapin_folio()")
> Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
> ---
> mm/shmem.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/mm/shmem.c b/mm/shmem.c
> index a6f565308133..bcc0a3c7b5bf 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -1771,6 +1771,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index,
>
> if (shmem_should_replace_folio(folio, gfp)) {
> error = shmem_replace_page(&page, gfp, info, index);
> + folio = page_folio(page);
> if (error)
> goto failed;
> }
> --
> 2.35.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] shmem: Update folio if shmem_replace_page() updates the page
2022-07-30 4:25 [PATCH] shmem: Update folio if shmem_replace_page() updates the page Matthew Wilcox (Oracle)
2022-08-03 0:46 ` Andrew Morton
2022-08-05 20:52 ` William Kucharski
@ 2022-08-10 16:03 ` Hugh Dickins
2 siblings, 0 replies; 6+ messages in thread
From: Hugh Dickins @ 2022-08-10 16:03 UTC (permalink / raw)
To: Matthew Wilcox (Oracle)
Cc: Hugh Dickins, Andrew Morton, linux-mm, linux-kernel, Zdenek Kabelac
On Sat, 30 Jul 2022, Matthew Wilcox (Oracle) wrote:
> If we allocate a new page, we need to make sure that our folio matches
> that new page. This will be solved by changing shmem_replace_page()
> to shmem_replace_folio(), but this is the minimal fix.
>
> Fixes: da08e9b79323 ("mm/shmem: convert shmem_swapin_page() to shmem_swapin_folio()")
> Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Acked-by: Hugh Dickins <hughd@google.com>
I hit this myself just once, at about the very time you sent the fix.
But, thinking that shmem_replace_page() was special for gma500, couldn't
understand how I (or most people) would ever get there. Turns out that
nowadays tmpfs symlinks longer than 128 can come this way on 32-bit (I
had been testing kmap_local stuff for other reasons).
And today I see that Zdenek hit it on 5.19-rc back in June:
https://lore.kernel.org/lkml/584ae788-05e3-5824-8c85-cbb833677850@redhat.com/
so this patch is definitely one for -stable.
Hugh
> ---
> mm/shmem.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/mm/shmem.c b/mm/shmem.c
> index a6f565308133..bcc0a3c7b5bf 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -1771,6 +1771,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index,
>
> if (shmem_should_replace_folio(folio, gfp)) {
> error = shmem_replace_page(&page, gfp, info, index);
> + folio = page_folio(page);
> if (error)
> goto failed;
> }
> --
> 2.35.1
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-08-10 16:03 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-30 4:25 [PATCH] shmem: Update folio if shmem_replace_page() updates the page Matthew Wilcox (Oracle)
2022-08-03 0:46 ` Andrew Morton
2022-08-03 3:17 ` Matthew Wilcox
2022-08-05 20:34 ` William Kucharski
2022-08-05 20:52 ` William Kucharski
2022-08-10 16:03 ` Hugh Dickins
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.