One of my VM guest has a swapon issue:
root #swapon -v -f /swap1
swapon /swap1
swapon: /swap1: found swap signature: version 1, page-size 4, same byte order
swapon: /swap1: pagesize=4096, swapsize=1607467008, devsize=1607467008
swapon: /swap1: swapon failed: Invalid argument
and bisection report commit 822bca52ee7e "mm/swapfile.c: fix potential
memory leak in sys_swapon" cause the trouble.
Go through the context I found the exit_swap_address_space(p->type)
shouldn't be used in good result path. So just move it to error path.
Fixes: 822bca52ee7e ("mm/swapfile.c: fix potential memory leak in
sys_swapon")
Signed-off-by: Alex Shi <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: "Darrick J. Wong" <[email protected]>
Cc: Miaohe Lin <[email protected]>
Cc: Hugh Dickins <[email protected]>
Cc: [email protected]
Cc: [email protected]
---
mm/swapfile.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/mm/swapfile.c b/mm/swapfile.c
index c8966b8fc6ac..1ac1f737fee3 100644
--- a/mm/swapfile.c
+++ b/mm/swapfile.c
@@ -3339,7 +3339,8 @@ static bool swap_discardable(struct swap_info_struct *si)
error = inode_drain_writes(inode);
if (error) {
inode->i_flags &= ~S_SWAPFILE;
- goto free_swap_address_space;
+ exit_swap_address_space(p->type);
+ goto bad_swap_unlock_inode;
}
mutex_lock(&swapon_mutex);
@@ -3364,8 +3365,6 @@ static bool swap_discardable(struct swap_info_struct *si)
error = 0;
goto out;
-free_swap_address_space:
- exit_swap_address_space(p->type);
bad_swap_unlock_inode:
inode_unlock(inode);
bad_swap:
--
1.8.3.1
On Mon, Nov 09, 2020 at 07:47:16PM +0800, Alex Shi wrote:
> Go through the context I found the exit_swap_address_space(p->type)
> shouldn't be used in good result path. So just move it to error path.
But ... it's not used in the success path. There's a 'goto' right
before it. Does this really fix your problem?
> @@ -3339,7 +3339,8 @@ static bool swap_discardable(struct swap_info_struct *si)
> error = inode_drain_writes(inode);
> if (error) {
> inode->i_flags &= ~S_SWAPFILE;
> - goto free_swap_address_space;
> + exit_swap_address_space(p->type);
> + goto bad_swap_unlock_inode;
> }
>
> mutex_lock(&swapon_mutex);
> @@ -3364,8 +3365,6 @@ static bool swap_discardable(struct swap_info_struct *si)
>
> error = 0;
> goto out;
> -free_swap_address_space:
> - exit_swap_address_space(p->type);
> bad_swap_unlock_inode:
> inode_unlock(inode);
> bad_swap:
> --
> 1.8.3.1
>
>
Hi:
Alex Shi <[email protected]> wrote:
> One of my VM guest has a swapon issue:
> root #swapon -v -f /swap1
> swapon /swap1
> swapon: /swap1: found swap signature: version 1, page-size 4, same byte order
> swapon: /swap1: pagesize=4096, swapsize=1607467008, devsize=1607467008
> swapon: /swap1: swapon failed: Invalid argument
>
> and bisection report commit 822bca52ee7e "mm/swapfile.c: fix potential memory leak in sys_swapon" cause the trouble.
>
> Go through the context I found the exit_swap_address_space(p->type) shouldn't be used in good result path. So just move it to error path.
>
Many thanks for your patch. But I'am somehow confused as we only do the label free_swap_address_space stuff in error path. And the good result
path can't reach here as it just goto out before free_swap_address_space label. Could you please explain it for me more detailed?
Thanks again.
> Fixes: 822bca52ee7e ("mm/swapfile.c: fix potential memory leak in
> sys_swapon")
> Signed-off-by: Alex Shi <[email protected]>
> Cc: Andrew Morton <[email protected]>
?? 2020/11/9 ????8:07, Matthew Wilcox д??:
> On Mon, Nov 09, 2020 at 07:47:16PM +0800, Alex Shi wrote:
>> Go through the context I found the exit_swap_address_space(p->type)
>> shouldn't be used in good result path. So just move it to error path.
>
> But ... it's not used in the success path. There's a 'goto' right
> before it. Does this really fix your problem?
>
The trick thing is. It do fix my problem on my centos 7 with gcc 8.3.1...
I am getting headache on this problem...
>> @@ -3339,7 +3339,8 @@ static bool swap_discardable(struct swap_info_struct *si)
>> error = inode_drain_writes(inode);
>> if (error) {
>> inode->i_flags &= ~S_SWAPFILE;
>> - goto free_swap_address_space;
>> + exit_swap_address_space(p->type);
>> + goto bad_swap_unlock_inode;
>> }
>>
>> mutex_lock(&swapon_mutex);
>> @@ -3364,8 +3365,6 @@ static bool swap_discardable(struct swap_info_struct *si)
>>
>> error = 0;
>> goto out;
>> -free_swap_address_space:
>> - exit_swap_address_space(p->type);
>> bad_swap_unlock_inode:
>> inode_unlock(inode);
>> bad_swap:
>> --
>> 1.8.3.1
>>
>>
?? 2020/11/9 ????8:17, Alex Shi д??:
>
>
> ?? 2020/11/9 ????8:07, Matthew Wilcox д??:
>> On Mon, Nov 09, 2020 at 07:47:16PM +0800, Alex Shi wrote:
>>> Go through the context I found the exit_swap_address_space(p->type)
>>> shouldn't be used in good result path. So just move it to error path.
>>
>> But ... it's not used in the success path. There's a 'goto' right
>> before it. Does this really fix your problem?
>>
>
> The trick thing is. It do fix my problem on my centos 7 with gcc 8.3.1...
>
> I am getting headache on this problem...
Checked again on my git tree. nothing weird, and code based on
cf7cd542d1b5 Add linux-next specific files for 20201104
Sorry, I have no idea where is the problem...
>
>>> @@ -3339,7 +3339,8 @@ static bool swap_discardable(struct swap_info_struct *si)
>>> error = inode_drain_writes(inode);
>>> if (error) {
>>> inode->i_flags &= ~S_SWAPFILE;
>>> - goto free_swap_address_space;
>>> + exit_swap_address_space(p->type);
>>> + goto bad_swap_unlock_inode;
>>> }
>>>
>>> mutex_lock(&swapon_mutex);
>>> @@ -3364,8 +3365,6 @@ static bool swap_discardable(struct swap_info_struct *si)
>>>
>>> error = 0;
>>> goto out;
>>> -free_swap_address_space:
>>> - exit_swap_address_space(p->type);
>>> bad_swap_unlock_inode:
>>> inode_unlock(inode);
>>> bad_swap:
>>> --
>>> 1.8.3.1
>>>
>>>