From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 27 Feb 2024 09:18:37 +0000 (+0100)
Subject: 6.7-stable patches
X-Git-Tag: v4.19.308~23
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9fa348a78bc85798faa173a7fb587b4d26544dff;p=thirdparty%2Fkernel%2Fstable-queue.git

6.7-stable patches

added patches:
	mm-zswap-fix-missing-folio-cleanup-in-writeback-race-path.patch
---

diff --git a/queue-6.7/mm-zswap-fix-missing-folio-cleanup-in-writeback-race-path.patch b/queue-6.7/mm-zswap-fix-missing-folio-cleanup-in-writeback-race-path.patch
new file mode 100644
index 00000000000..dde30fcbd9e
--- /dev/null
+++ b/queue-6.7/mm-zswap-fix-missing-folio-cleanup-in-writeback-race-path.patch
@@ -0,0 +1,48 @@
+From e3b63e966cac0bf78aaa1efede1827a252815a1d Mon Sep 17 00:00:00 2001
+From: Yosry Ahmed <yosryahmed@google.com>
+Date: Thu, 25 Jan 2024 08:51:27 +0000
+Subject: mm: zswap: fix missing folio cleanup in writeback race path
+
+From: Yosry Ahmed <yosryahmed@google.com>
+
+commit e3b63e966cac0bf78aaa1efede1827a252815a1d upstream.
+
+In zswap_writeback_entry(), after we get a folio from
+__read_swap_cache_async(), we grab the tree lock again to check that the
+swap entry was not invalidated and recycled.  If it was, we delete the
+folio we just added to the swap cache and exit.
+
+However, __read_swap_cache_async() returns the folio locked when it is
+newly allocated, which is always true for this path, and the folio is
+ref'd.  Make sure to unlock and put the folio before returning.
+
+This was discovered by code inspection, probably because this path handles
+a race condition that should not happen often, and the bug would not crash
+the system, it will only strand the folio indefinitely.
+
+Link: https://lkml.kernel.org/r/20240125085127.1327013-1-yosryahmed@google.com
+Fixes: 04fc7816089c ("mm: fix zswap writeback race condition")
+Signed-off-by: Yosry Ahmed <yosryahmed@google.com>
+Reviewed-by: Chengming Zhou <zhouchengming@bytedance.com>
+Acked-by: Johannes Weiner <hannes@cmpxchg.org>
+Reviewed-by: Nhat Pham <nphamcs@gmail.com>
+Cc: Domenico Cerasuolo <cerasuolodomenico@gmail.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Yosry Ahmed <yosryahmed@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/zswap.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/mm/zswap.c
++++ b/mm/zswap.c
+@@ -1105,6 +1105,8 @@ static int zswap_writeback_entry(struct
+ 	if (zswap_rb_search(&tree->rbroot, swp_offset(entry->swpentry)) != entry) {
+ 		spin_unlock(&tree->lock);
+ 		delete_from_swap_cache(page_folio(page));
++		unlock_page(page);
++		put_page(page);
+ 		ret = -ENOMEM;
+ 		goto fail;
+ 	}
diff --git a/queue-6.7/series b/queue-6.7/series
index a16b05a361c..fd250318dba 100644
--- a/queue-6.7/series
+++ b/queue-6.7/series
@@ -327,3 +327,4 @@ drm-amd-display-fix-potential-null-pointer-dereferen.patch
 drm-amd-display-fix-memory-leak-in-dm_sw_fini.patch
 drm-amd-display-fix-null-pointer-dereference-on-edid.patch
 i2c-imx-when-being-a-target-mark-the-last-read-as-pr.patch
+mm-zswap-fix-missing-folio-cleanup-in-writeback-race-path.patch