From: Greg Kroah-Hartman Date: Mon, 18 Nov 2019 16:37:26 +0000 (+0100) Subject: drop queue-4.19/mm-page_io.c-do-not-free-shared-swap-slots.patch X-Git-Tag: v5.3.12~22 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b9e2996a160769693f1c176e63629b81fa4de093;p=thirdparty%2Fkernel%2Fstable-queue.git drop queue-4.19/mm-page_io.c-do-not-free-shared-swap-slots.patch --- diff --git a/queue-4.19/mm-page_io.c-do-not-free-shared-swap-slots.patch b/queue-4.19/mm-page_io.c-do-not-free-shared-swap-slots.patch deleted file mode 100644 index 08a6f75e4e2..00000000000 --- a/queue-4.19/mm-page_io.c-do-not-free-shared-swap-slots.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 5df373e95689b9519b8557da7c5bd0db0856d776 Mon Sep 17 00:00:00 2001 -From: Vinayak Menon -Date: Fri, 15 Nov 2019 17:35:00 -0800 -Subject: mm/page_io.c: do not free shared swap slots - -From: Vinayak Menon - -commit 5df373e95689b9519b8557da7c5bd0db0856d776 upstream. - -The following race is observed due to which a processes faulting on a -swap entry, finds the page neither in swapcache nor swap. This causes -zram to give a zero filled page that gets mapped to the process, -resulting in a user space crash later. - -Consider parent and child processes Pa and Pb sharing the same swap slot -with swap_count 2. Swap is on zram with SWP_SYNCHRONOUS_IO set. -Virtual address 'VA' of Pa and Pb points to the shared swap entry. - -Pa Pb - -fault on VA fault on VA -do_swap_page do_swap_page -lookup_swap_cache fails lookup_swap_cache fails - Pb scheduled out -swapin_readahead (deletes zram entry) -swap_free (makes swap_count 1) - Pb scheduled in - swap_readpage (swap_count == 1) - Takes SWP_SYNCHRONOUS_IO path - zram enrty absent - zram gives a zero filled page - -Fix this by making sure that swap slot is freed only when swap count -drops down to one. - -Link: http://lkml.kernel.org/r/1571743294-14285-1-git-send-email-vinmenon@codeaurora.org -Fixes: aa8d22a11da9 ("mm: swap: SWP_SYNCHRONOUS_IO: skip swapcache only if swapped page has no other reference") -Signed-off-by: Vinayak Menon -Suggested-by: Minchan Kim -Acked-by: Minchan Kim -Cc: Michal Hocko -Cc: Hugh Dickins -Cc: -Signed-off-by: Andrew Morton -Signed-off-by: Linus Torvalds -Signed-off-by: Greg Kroah-Hartman - ---- - mm/page_io.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - ---- a/mm/page_io.c -+++ b/mm/page_io.c -@@ -76,6 +76,7 @@ static void swap_slot_free_notify(struct - { - struct swap_info_struct *sis; - struct gendisk *disk; -+ swp_entry_t entry; - - /* - * There is no guarantee that the page is in swap cache - the software -@@ -107,11 +108,10 @@ static void swap_slot_free_notify(struct - * we again wish to reclaim it. - */ - disk = sis->bdev->bd_disk; -- if (disk->fops->swap_slot_free_notify) { -- swp_entry_t entry; -+ entry.val = page_private(page); -+ if (disk->fops->swap_slot_free_notify && __swap_count(entry) == 1) { - unsigned long offset; - -- entry.val = page_private(page); - offset = swp_offset(entry); - - SetPageDirty(page); diff --git a/queue-4.19/series b/queue-4.19/series index 3ab1699fd5a..08d3ed66894 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -29,5 +29,4 @@ iommu-vt-d-fix-qi_dev_iotlb_pfsid-and-qi_dev_eiotlb_pfsid-macros.patch mm-mempolicy-fix-the-wrong-return-value-and-potential-pages-leak-of-mbind.patch mm-memcg-switch-to-css_tryget-in-get_mem_cgroup_from_mm.patch mm-hugetlb-switch-to-css_tryget-in-hugetlb_cgroup_charge_cgroup.patch -mm-page_io.c-do-not-free-shared-swap-slots.patch mmc-sdhci-of-at91-fix-quirk2-overwrite.patch