• Shaohua Li's avatar
    swap: fix races exposed by swap discard · edfe23da
    Shaohua Li authored
    The previous patch can expose races, according to Hugh:
    
    swapoff was sometimes failing with "Cannot allocate memory", coming from
    try_to_unuse()'s -ENOMEM: it needs to allow for swap_duplicate() failing
    on a free entry temporarily SWAP_MAP_BAD while being discarded.
    
    We should use ACCESS_ONCE() there, and whenever accessing swap_map
    locklessly; but rather than peppering it throughout try_to_unuse(), just
    declare *swap_map with volatile.
    
    try_to_unuse() is accustomed to *swap_map going down racily, but not
    necessarily to it jumping up from 0 to SWAP_MAP_BAD: we'll be safer to
    prevent that transition once SWP_WRITEOK is switched off, when it's a
    waste of time to issue discards anyway (swapon can do a whole discard).
    
    Another issue is:
    
    In swapin_readahead(), read_swap_cache_async() can read a bad swap entry,
    because we don't check if readahead swap entry is bad.  This doesn't break
    anything but such swapin page is wasteful and can only be freed at page
    reclaim.  We should avoid read such swap entry.  And in discard, we mark
    swap entry SWAP_MAP_BAD and then switch it to normal when discard is
    finished.  If readahead reads such swap entry, we have the same issue, so
    we much check if swap entry is bad too.
    
    Thanks Hugh to inspire swapin_readahead could use bad swap entry.
    
    [include Hugh's patch 'swap: fix swapoff ENOMEMs from discard']
    Signed-off-by: default avatarShaohua Li <shli@fusionio.com>
    Signed-off-by: default avatarHugh Dickins <hughd@google.com>
    Cc: Rik van Riel <riel@redhat.com>
    Cc: Minchan Kim <minchan@kernel.org>
    Cc: Kyungmin Park <kmpark@infradead.org>
    Cc: Rafael Aquini <aquini@redhat.com>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    edfe23da
swapfile.c 75 KB