From: Andrew Morton <akpm@linux-foundation.org>
To: akpm@linux-foundation.org, aquini@redhat.com,
	cmaiolino@redhat.com, david@fromorbit.com, esandeen@redhat.com,
	hsiangkao@redhat.com, linux-mm@kvack.org,
	mm-commits@vger.kernel.org, shy828301@gmail.com,
	stable@vger.kernel.org, torvalds@linux-foundation.org,
	willy@infradead.org, ying.huang@intel.com
Subject: [patch 1/9] mm, THP, swap: fix allocating cluster for swapfile by mistake
Date: Fri, 25 Sep 2020 21:19:01 -0700
Message-ID: <20200926041901.P-A_BQZ2V%akpm@linux-foundation.org>
In-Reply-To: <20200925211725.0fea54be9e9715486efea21f@linux-foundation.org>

From: Gao Xiang <hsiangkao@redhat.com>
Subject: mm, THP, swap: fix allocating cluster for swapfile by mistake

SWP_FS is used to make swap_{read,write}page() go through the filesystem,
and it's only used for swap files over NFS.  So, !SWP_FS means non NFS for
now, it could be either file backed or device backed.  Something similar
goes with legacy SWP_FILE.

So in order to achieve the goal of the original patch, SWP_BLKDEV should
be used instead.

FS corruption can be observed with SSD device + XFS + fragmented swapfile
due to CONFIG_THP_SWAP=y.

I reproduced the issue with the following details:

Environment:
QEMU + upstream kernel + buildroot + NVMe (2 GB)

Kernel config:
CONFIG_BLK_DEV_NVME=y
CONFIG_THP_SWAP=y

Some reproducible steps:
mkfs.xfs -f /dev/nvme0n1
mkdir /tmp/mnt
mount /dev/nvme0n1 /tmp/mnt
bs="32k"
sz="1024m"    # doesn't matter too much, I also tried 16m
xfs_io -f -c "pwrite -R -b $bs 0 $sz" -c "fdatasync" /tmp/mnt/sw
xfs_io -f -c "pwrite -R -b $bs 0 $sz" -c "fdatasync" /tmp/mnt/sw
xfs_io -f -c "pwrite -R -b $bs 0 $sz" -c "fdatasync" /tmp/mnt/sw
xfs_io -f -c "pwrite -F -S 0 -b $bs 0 $sz" -c "fdatasync" /tmp/mnt/sw
xfs_io -f -c "pwrite -R -b $bs 0 $sz" -c "fsync" /tmp/mnt/sw

mkswap /tmp/mnt/sw
swapon /tmp/mnt/sw

stress --vm 2 --vm-bytes 600M   # doesn't matter too much as well

Symptoms:
 - FS corruption (e.g. checksum failure)
 - memory corruption at: 0xd2808010
 - segfault


Link: https://lkml.kernel.org/r/20200820045323.7809-1-hsiangkao@redhat.com
Fixes: f0eea189e8e9 ("mm, THP, swap: Don't allocate huge cluster for file backed swap device")
Fixes: 38d8b4e6bdc8 ("mm, THP, swap: delay splitting THP during swap out")
Signed-off-by: Gao Xiang <hsiangkao@redhat.com>
Reviewed-by: "Huang, Ying" <ying.huang@intel.com>
Reviewed-by: Yang Shi <shy828301@gmail.com>
Acked-by: Rafael Aquini <aquini@redhat.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Carlos Maiolino <cmaiolino@redhat.com>
Cc: Eric Sandeen <esandeen@redhat.com>
Cc: Dave Chinner <david@fromorbit.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/swapfile.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/mm/swapfile.c~mm-thp-swap-fix-allocating-cluster-for-swapfile-by-mistake
+++ a/mm/swapfile.c
@@ -1078,7 +1078,7 @@ start_over:
 			goto nextsi;
 		}
 		if (size == SWAPFILE_CLUSTER) {
-			if (!(si->flags & SWP_FS))
+			if (si->flags & SWP_BLKDEV)
 				n_ret = swap_alloc_cluster(si, swp_entries);
 		} else
 			n_ret = scan_swap_map_slots(si, SWAP_HAS_CACHE,
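
Review bot: The new test `if (si->flags & SWP_BLKDEV)` under `size == SWAPFILE_CLUSTER` carries no comment saying why only block devices may take a whole cluster, and the changelog shows how easy it is to pick the wrong flag here (SWP_FS and SWP_FILE were both tried and both missed the file-backed case). A short comment above the test, naming SWP_BLKDEV as the property that makes a huge-cluster allocation safe, would keep a later cleanup from reverting to a negative test on a filesystem flag. Also, when the flag is clear this branch has no else and leaves n_ret untouched; its initial value is not visible in the hunk, so it is worth confirming that it is zero on that path so that a file-backed swap area reports no entries for the huge request rather than a stale count.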
_
