Date: Fri, 3 Mar 2017 14:43:29 -0800
From: Andrew Morton
To: "Huang, Ying"
Cc: Hugh Dickins, Shaohua Li, Minchan Kim, Rik van Riel, Tim Chen, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] mm, swap: Fix a race in free_swap_and_cache()
Message-Id: <20170303144329.94d47b1015ba2f18f64c5893@linux-foundation.org>
In-Reply-To: <20170301143905.12846-1-ying.huang@intel.com>

On Wed, 1 Mar 2017 22:38:09 +0800 "Huang, Ying" wrote:

> Before using cluster lock in free_swap_and_cache(), the
> swap_info_struct->lock will be held during freeing the swap entry and
> acquiring page lock, so the page swap count will not change when
> testing page information later. But after using cluster lock, the
> cluster lock (or swap_info_struct->lock) will be held only during
> freeing the swap entry. So before acquiring the page lock, the page
> swap count may be changed in another thread. If the page swap count
> is not 0, we should not delete the page from the swap cache. This is
> fixed via checking page swap count again after acquiring the page
> lock.

What are the user-visible runtime effects of this bug?

Please always include this info when fixing things, thanks.
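
A user-space model of the window described in the quoted commit message, added here as an illustration; it is not part of the thread or of the kernel patch, and every name in it (swap_model, free_entry_model, the racer callback) is hypothetical. The racer callback stands in for the other thread so that the interleaving is deterministic.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model, not kernel code: every name here is hypothetical. */
struct swap_model {
    int  swap_count;     /* references to the swap entry */
    bool in_swap_cache;  /* page still present in the swap cache */
};

/* Stands in for another thread running in the unlocked window. */
typedef void (*racer_fn)(struct swap_model *);

static void racer_takes_reference(struct swap_model *m)
{
    m->swap_count++;     /* count changes before the page lock is taken */
}

/* Step 1: drop a reference (cluster lock held). Step 2: lock released,
 * the racer may run. Step 3: page lock held, decide whether to delete.
 * Returns true if the page was deleted from the swap cache. */
static bool free_entry_model(struct swap_model *m, racer_fn racer, bool recheck)
{
    int count_after_free = --m->swap_count;  /* step 1 */
    if (racer)
        racer(m);                            /* step 2 */
    if (count_after_free != 0)               /* step 3 */
        return false;
    if (recheck && m->swap_count != 0)
        return false;    /* the fix: test the count again under the page lock */
    m->in_swap_cache = false;
    return true;
}

/* 0 = page kept, 1 = deleted with count 0, 2 = deleted while count != 0 */
static int run_scenario(racer_fn racer, bool recheck)
{
    struct swap_model m = { .swap_count = 1, .in_swap_cache = true };
    if (!free_entry_model(&m, racer, recheck))
        return 0;
    return m.swap_count == 0 ? 1 : 2;
}

int main(void)
{
    printf("race, no recheck: %d\n", run_scenario(racer_takes_reference, false));
    printf("race, recheck:    %d\n", run_scenario(racer_takes_reference, true));
    return 0;
}
```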