From patchwork Fri Jan 26 08:30:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chengming Zhou X-Patchwork-Id: 13532185 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B5C28C47422 for ; Fri, 26 Jan 2024 08:32:02 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 40C9A6B00B0; Fri, 26 Jan 2024 03:32:02 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 3BD656B00B1; Fri, 26 Jan 2024 03:32:02 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 283CB6B00B2; Fri, 26 Jan 2024 03:32:02 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 10F9D6B00B0 for ; Fri, 26 Jan 2024 03:32:02 -0500 (EST) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id A2CC240301 for ; Fri, 26 Jan 2024 08:32:01 +0000 (UTC) X-FDA: 81720794442.23.E7880EC Received: from out-185.mta1.migadu.com (out-185.mta1.migadu.com [95.215.58.185]) by imf01.hostedemail.com (Postfix) with ESMTP id D198D40002 for ; Fri, 26 Jan 2024 08:31:58 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=t38FsnZ1; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf01.hostedemail.com: domain of chengming.zhou@linux.dev designates 95.215.58.185 as permitted sender) smtp.mailfrom=chengming.zhou@linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1706257919; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:references:dkim-signature; bh=ul4Yj318/IPfN1mLm2oHYHwsIT4SRkZ2huqI5cSMQ1M=; b=O2AonfSq3UGhYNr4NI84VIBZlhgt/NbKrP/hLNeq6w5UD1slY1hS9WZ494Fd3JeZH9NuGi 2osK+CnOKZH5iXU/lIRqL7uR/hC2P+XuJtZJx2/ufaqEB9fa436qeUGbtKCv7OKOU7PixK PzYHThaVGhrQmQp3UzxAdoB2dCUuKYE= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=t38FsnZ1; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf01.hostedemail.com: domain of chengming.zhou@linux.dev designates 95.215.58.185 as permitted sender) smtp.mailfrom=chengming.zhou@linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1706257919; a=rsa-sha256; cv=none; b=IOTdoDZRhNh71R9KohPyrt4KFRkas5+NzQ/A63gmwjDgpQy7qicMNX6pr9J5gh6+BFUIiZ YZLfZ/LVJB1xbBt2//C03euZOOui0Nk5rW7J6SnehxM4MFicQryWqTKTsiqM2H5V0qmovX mwxdMl5tYsi2d8JXhWv8uswchSkWSqU= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1706257917; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=ul4Yj318/IPfN1mLm2oHYHwsIT4SRkZ2huqI5cSMQ1M=; b=t38FsnZ1Muc6VXvBr4BPW2hj/FxunpwClITeZKYaX+yMeSCpB5klMmu1qlnZQ4WYYk6bbD 1GiLoLKVo/wWom1Stp4eARMN/cROOzoWLXX5GTzdXy3ExsHOa9BKTaRBTPCWWV6Uvk/adX uepBwPm12pYL45eeBg0ZxwSF2w5x0dg= From: chengming.zhou@linux.dev To: hannes@cmpxchg.org, yosryahmed@google.com, nphamcs@gmail.com, akpm@linux-foundation.org Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, chengming.zhou@linux.dev, Chengming Zhou Subject: [PATCH 1/2] mm/zswap: don't return LRU_SKIP if we have dropped lru lock Date: Fri, 26 Jan 2024 08:30:14 +0000 Message-Id: <20240126083015.3557006-1-chengming.zhou@linux.dev> MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspamd-Queue-Id: D198D40002 X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: e1qfe38tbp933tox5ynxhqboie1idhti X-HE-Tag: 1706257918-697301 X-HE-Meta: U2FsdGVkX18GsqQv9+uUv9U7SI8cxoFwo2F6mT8fKU2hYCnXez7M27DHcWSxUcRGv1C2AI78blIFDdGsaHEBo8zaGreHtczpmGySPUrj+WxouPyPAZCup6C7o3MkWYEQ7p+t+hocfdDpTq3j5C4Rx6Xp+sAWg19E73uSKmF3OENQ513YuxZpfzRAzRjt/YtBcsf2YbuFCeamJPFtNYnu/aiggWzlOVNmX98lXI6PvGKWl5Zz53dcM+ZoqmmLhJKQd3cdMyeS40BqxsJtLl8+M/p+UPiquDwbfbC8ytkMH4IYXRyw6cDdjzk72Y5gIc6LrNG+irSGXWLFsd4TqntlUuN5V7GVonNVsgMoMpljKW7yvfKJXnQxJmBn9IvTlWmCRVQBzJeYbvF95B1PFbyVM+6eJS50m1TwKPSXgpv3PWmJmX76/yi8dpBEjigg+95U0KNDLiDWozlXetgNMrLqfErJ6uTHbd/hlS2lNyyMhkNWy/C5Fvw080IG1dg30F2pxyy4C2Bw8ep5v6vm6O7dr1oqqqT4zsZPdrPIGAZCwpWK2YwGT5S1tkGq4awggNMNA16JTC/7mmiLrX8626Hf3CFkz0mk9QDxIQGn/tRFdYz6h05i5E5KznJzWOW+JUYGYsM/6gdfqZq8Qu7+rA6K8f3r8iVq49z4gM3eytByyGG13B/TjRngSCQm6+e9Za+UjMA+Nd8bAsvJu+PbeaADShw1Espl6ogiNiG7uwUgWPrh2MVC+UNvUssIrtm/Qc77oeS7u1ZXIIdiGctW6YM74Mw9+SlWPUgCjQjyhPk8lYmtB3WnGUpH5kYBN4FmC5qxEdUjrLI4DT9JTzF4cYusp3Ok5TB9uU3n8Dn9BH/BAzlM9lMgqQkslEMDdNiGewQthOBvhxStnmY9o9W0TfTWfXI1xZhWPCPUauafzEhFDXPVVOyCeEziWlwN4McRYZKdm8Z5mB2U/fQ7QSFlDKA tN5NRC3f khsAmrqjw+8Wiya3vTDRgOWkTpMA3rCxmyN41jNd0/MnQpqKm4OQ9BhxKyZAkFQb5qSUmSrPUX3CmCtV3u/kLVr0nXPGRuoSy0gHnpIj/qp8NEpc6rmat9ALPrBBkwFLT6hmWahmDx0xmwauS/PZrwsNUWajoDdxadMWFwFSkRPwYH+r359FWjJ/mjw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Chengming Zhou LRU_SKIP can only be returned if we don't ever dropped lru lock, or we need to return LRU_RETRY to restart from the head of lru list. Actually we may need to introduce another LRU_STOP to really terminate the ongoing shrinking scan process, when we encounter a warm page already in the swap cache. The current list_lru implementation doesn't have this function to early break from __list_lru_walk_one. Fixes: b5ba474f3f51 ("zswap: shrink zswap pool based on memory pressure") Signed-off-by: Chengming Zhou Acked-by: Johannes Weiner Reviewed-by: Nhat Pham --- mm/zswap.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/mm/zswap.c b/mm/zswap.c index 00e90b9b5417..81cb3790e0dd 100644 --- a/mm/zswap.c +++ b/mm/zswap.c @@ -901,10 +901,8 @@ static enum lru_status shrink_memcg_cb(struct list_head *item, struct list_lru_o * into the warmer region. We should terminate shrinking (if we're in the dynamic * shrinker context). */ - if (writeback_result == -EEXIST && encountered_page_in_swapcache) { - ret = LRU_SKIP; + if (writeback_result == -EEXIST && encountered_page_in_swapcache) *encountered_page_in_swapcache = true; - } goto put_unlock; } From patchwork Fri Jan 26 08:30:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chengming Zhou X-Patchwork-Id: 13532186 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6257FC48260 for ; Fri, 26 Jan 2024 08:32:04 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 76A3E6B00B1; Fri, 26 Jan 2024 03:32:03 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 6F1226B00B2; Fri, 26 Jan 2024 03:32:03 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 591A86B00B3; Fri, 26 Jan 2024 03:32:03 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 441266B00B1 for ; Fri, 26 Jan 2024 03:32:03 -0500 (EST) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 0928FC0143 for ; Fri, 26 Jan 2024 08:32:03 +0000 (UTC) X-FDA: 81720794526.13.20B6C93 Received: from out-171.mta1.migadu.com (out-171.mta1.migadu.com [95.215.58.171]) by imf26.hostedemail.com (Postfix) with ESMTP id 4B452140017 for ; Fri, 26 Jan 2024 08:32:01 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=CLpsDgqA; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf26.hostedemail.com: domain of chengming.zhou@linux.dev designates 95.215.58.171 as permitted sender) smtp.mailfrom=chengming.zhou@linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1706257921; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=4RGl5GCV+/l8k8PkKYE4YjnNWtmux4RyfbXvzaTXTBw=; b=0wyL2lp+1B+WO0R0J/PQFWeUXVv0ZAjk4yq8p9GWj/b6rEey8P2Try2SgHlRToXZUoHTI8 pA7ITB9VW5SQ8EmHF/6gIM7v9Y/STjK9GKJtql3Xf76Nj3OxAZh/hu2uCJKHnUZQrVcOXN TiRjiOUl9383TjfcHEjFJJ4GBXE+yRE= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=CLpsDgqA; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf26.hostedemail.com: domain of chengming.zhou@linux.dev designates 95.215.58.171 as permitted sender) smtp.mailfrom=chengming.zhou@linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1706257921; a=rsa-sha256; cv=none; b=cRVB5WJU70SUm/q+TLNcyM2N5wZIS+VE8K3/150DeGl8UBZPsK4TCpWHYsA09QbM2dApHQ qSw1L6jLXsDaTEHe7x882Av6ffVd05cDdRo7V7W3fzrk4Ej9oXUR6lpQVq9MV49CZY4gDR 1tjhf8Tzd7bmyGni8WyCg8u2BdqTTMM= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1706257919; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=4RGl5GCV+/l8k8PkKYE4YjnNWtmux4RyfbXvzaTXTBw=; b=CLpsDgqApa2jWN3UyBSlFHJMAB6JLKUdRecLoWya7czH6asoNiydNa2hdfjXFJ3mhGU7bd sxi5fCGk4rSyYcc5yWXNRM0vKYyE0GwyUZFSztKB4ZxOLK9RE1TvftQiJma1PBMEg5J5qM jv04y+2koKHteg9CVHY3j3Wwzp5AsR4= From: chengming.zhou@linux.dev To: hannes@cmpxchg.org, yosryahmed@google.com, nphamcs@gmail.com, akpm@linux-foundation.org Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, chengming.zhou@linux.dev, Chengming Zhou Subject: [PATCH 2/2] mm/zswap: fix race between lru writeback and swapoff Date: Fri, 26 Jan 2024 08:30:15 +0000 Message-Id: <20240126083015.3557006-2-chengming.zhou@linux.dev> In-Reply-To: <20240126083015.3557006-1-chengming.zhou@linux.dev> References: <20240126083015.3557006-1-chengming.zhou@linux.dev> MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspamd-Queue-Id: 4B452140017 X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: wo7y14gxwd3hq5ps868j1aw8tezatuxn X-HE-Tag: 1706257921-773419 X-HE-Meta: U2FsdGVkX18Gz3qvADgnDXOG7vzEr6FdASnKRPKHcloIewb8QgMOKXeS4eT+8uY8hgCEXl/nilD+JxplbJ2Z/zQFtp4QCv/a9z2ZpGTxLFnD0mQ+CifdDpMHqG4H4Y3ipelCEc7cZ8cubSImp57l6/4O9shfGq9l4MFfQgujHaOMViMucmc0DkXFzEVA/bQNDhUR5wUudWoFeVwtbXT52FVx35dL8jRuKg1C6Fur7IuoOTcVi7z+iXYevc0/B958XOyQsnUu2ybJHj8xpbz7/L/+uW2++YEKQnbvuV4/dxOzaIKnMyZ5nmM3NUUimlEt/A92FyRQnspuK4DYIYAf0fB5kPTcqPUTjDRcfXQWlhtDz1z/yWqKjLB/ZhQf7NsrKe/FyqpXwCBk7H9+EvXkmbnPxFT9G4+DfvB6xO/h86IjlLCLnQ6ppXZXl+3yuFjmrOQgEl8LGN1DJ6LUmzvckV6l9hmJ+RQvLHBN/ySsx3LhU4g27vCf9Dh8KkGEa8ZyOHsxl/I8Dym+IZZCe4wJERjNJ5EtcgJP85bimUPILlgbkZ7/fX8cL0GE+80hGNPg8n6iWjN/qFIA5y54InH2KQoSzwB178+1qQ6ahwYw0ujePIAxHIvAm2h3UVJoEyc6VjbMt5WHjam6EjhT7LsvdNTYn1MLjyyyr58OorfUCWspvfQ5erqZQa3tRGy+qAOSIahGBWcnzNHOIRw9ApAgmK52SMYY/kTR2aKB1zvZv3LBpzxzfsJX5/OPnRBsDTGbqf9S4N7++8OE4KHp0+Ad6KG7SJKnxdfNIFd2wGENiz4gGZW/e7wx1v1jsM6gTa/j+AM2f/9aIKI+iubEWSx0ClmZjdUBx4SxYOn15CzrJZPmSKlJgGmoeSontV4TXEeFtEzionw3jRNcj456Am5d2h9zZiPpOvjeC0r0obN6QznnQBFzfThD+5O+DuWcUySFVsFJDNVDQigGJLjAKXk z00I15ps z6oU8gop3pcff+zWL9vPYO+rskHc+kHNXG4n7n+f9F+C3vp9FnXukA+r5B2RQNBF+IsgstBxTJM5ZvPEWHs9zRuDv0uq6Y1x92rCw6Pivsf5P2G5WPRQnova4s44w8yb8KvnFhEKrD4KeCzjYoQDg6WukIXC8TlMbCQuNxQ9AJcHVqBvlkuqm4A85tgq73Jh6SrqE+xx8cm+WEVCprYZs1cI9CA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Chengming Zhou LRU writeback has race problem with swapoff, as spotted by Yosry[1]: CPU1 CPU2 shrink_memcg_cb swap_off list_lru_isolate zswap_invalidate zswap_swapoff kfree(tree) // UAF spin_lock(&tree->lock) The problem is that the entry in lru list can't protect the tree from being swapoff and freed, and the entry also can be invalidated and freed concurrently after we unlock the lru lock. We can fix it by moving the swap cache allocation ahead before referencing the tree, then check invalidate race with tree lock, only after that we can safely deref the entry. Note we couldn't deref entry or tree anymore after we unlock the folio, since we depend on this to hold on swapoff. So this patch moves all tree and entry usage to zswap_writeback_entry(), we only use the copied swpentry on the stack to allocate swap cache and return with folio locked, after which we can reference the tree. Then check invalidate race with tree lock, the following things is much the same like zswap_load(). Since we can't deref the entry after zswap_writeback_entry(), we can't use zswap_lru_putback() anymore, instead we rotate the entry in the LRU list so concurrent reclaimers have little chance to see it. Or it will be deleted from LRU list if writeback success. Another confusing part to me is the update of memcg nr_zswap_protected in zswap_lru_putback(). I'm not sure why it's needed here since if we raced with swapin, memcg nr_zswap_protected has already been updated in zswap_folio_swapin(). So not include this part for now. [1] https://lore.kernel.org/all/CAJD7tkasHsRnT_75-TXsEe58V9_OW6m3g6CF7Kmsvz8CKRG_EA@mail.gmail.com/ Signed-off-by: Chengming Zhou Acked-by: Johannes Weiner Acked-by: Nhat Pham --- mm/zswap.c | 93 ++++++++++++++++++------------------------------------ 1 file changed, 31 insertions(+), 62 deletions(-) diff --git a/mm/zswap.c b/mm/zswap.c index 81cb3790e0dd..fa2bdb7ec1d8 100644 --- a/mm/zswap.c +++ b/mm/zswap.c @@ -277,7 +277,7 @@ static inline struct zswap_tree *swap_zswap_tree(swp_entry_t swp) zpool_get_type((p)->zpools[0])) static int zswap_writeback_entry(struct zswap_entry *entry, - struct zswap_tree *tree); + swp_entry_t swpentry); static int zswap_pool_get(struct zswap_pool *pool); static void zswap_pool_put(struct zswap_pool *pool); @@ -445,27 +445,6 @@ static void zswap_lru_del(struct list_lru *list_lru, struct zswap_entry *entry) rcu_read_unlock(); } -static void zswap_lru_putback(struct list_lru *list_lru, - struct zswap_entry *entry) -{ - int nid = entry_to_nid(entry); - spinlock_t *lock = &list_lru->node[nid].lock; - struct mem_cgroup *memcg; - struct lruvec *lruvec; - - rcu_read_lock(); - memcg = mem_cgroup_from_entry(entry); - spin_lock(lock); - /* we cannot use list_lru_add here, because it increments node's lru count */ - list_lru_putback(list_lru, &entry->lru, nid, memcg); - spin_unlock(lock); - - lruvec = mem_cgroup_lruvec(memcg, NODE_DATA(entry_to_nid(entry))); - /* increment the protection area to account for the LRU rotation. */ - atomic_long_inc(&lruvec->zswap_lruvec_state.nr_zswap_protected); - rcu_read_unlock(); -} - /********************************* * rbtree functions **********************************/ @@ -860,40 +839,34 @@ static enum lru_status shrink_memcg_cb(struct list_head *item, struct list_lru_o { struct zswap_entry *entry = container_of(item, struct zswap_entry, lru); bool *encountered_page_in_swapcache = (bool *)arg; - struct zswap_tree *tree; - pgoff_t swpoffset; + swp_entry_t swpentry; enum lru_status ret = LRU_REMOVED_RETRY; int writeback_result; + /* + * First rotate to the tail of lru list before unlocking lru lock, + * so the concurrent reclaimers have little chance to see it. + * It will be deleted from the lru list if writeback success. + */ + list_move_tail(item, &l->list); + /* * Once the lru lock is dropped, the entry might get freed. The - * swpoffset is copied to the stack, and entry isn't deref'd again + * swpentry is copied to the stack, and entry isn't deref'd again * until the entry is verified to still be alive in the tree. */ - swpoffset = swp_offset(entry->swpentry); - tree = swap_zswap_tree(entry->swpentry); - list_lru_isolate(l, item); + swpentry = entry->swpentry; + /* * It's safe to drop the lock here because we return either * LRU_REMOVED_RETRY or LRU_RETRY. */ spin_unlock(lock); - /* Check for invalidate() race */ - spin_lock(&tree->lock); - if (entry != zswap_rb_search(&tree->rbroot, swpoffset)) - goto unlock; - - /* Hold a reference to prevent a free during writeback */ - zswap_entry_get(entry); - spin_unlock(&tree->lock); - - writeback_result = zswap_writeback_entry(entry, tree); + writeback_result = zswap_writeback_entry(entry, swpentry); - spin_lock(&tree->lock); if (writeback_result) { zswap_reject_reclaim_fail++; - zswap_lru_putback(&entry->pool->list_lru, entry); ret = LRU_RETRY; /* @@ -903,27 +876,10 @@ static enum lru_status shrink_memcg_cb(struct list_head *item, struct list_lru_o */ if (writeback_result == -EEXIST && encountered_page_in_swapcache) *encountered_page_in_swapcache = true; - - goto put_unlock; + } else { + zswap_written_back_pages++; } - zswap_written_back_pages++; - - if (entry->objcg) - count_objcg_event(entry->objcg, ZSWPWB); - - count_vm_event(ZSWPWB); - /* - * Writeback started successfully, the page now belongs to the - * swapcache. Drop the entry from zswap - unless invalidate already - * took it out while we had the tree->lock released for IO. - */ - zswap_invalidate_entry(tree, entry); -put_unlock: - /* Drop local reference */ - zswap_entry_put(entry); -unlock: - spin_unlock(&tree->lock); spin_lock(lock); return ret; } @@ -1408,9 +1364,9 @@ static void __zswap_load(struct zswap_entry *entry, struct page *page) * freed. */ static int zswap_writeback_entry(struct zswap_entry *entry, - struct zswap_tree *tree) + swp_entry_t swpentry) { - swp_entry_t swpentry = entry->swpentry; + struct zswap_tree *tree; struct folio *folio; struct mempolicy *mpol; bool folio_was_allocated; @@ -1442,18 +1398,31 @@ static int zswap_writeback_entry(struct zswap_entry *entry, * backs (our zswap_entry reference doesn't prevent that), to * avoid overwriting a new swap folio with old compressed data. */ + tree = swap_zswap_tree(swpentry); spin_lock(&tree->lock); - if (zswap_rb_search(&tree->rbroot, swp_offset(entry->swpentry)) != entry) { + if (zswap_rb_search(&tree->rbroot, swp_offset(swpentry)) != entry) { spin_unlock(&tree->lock); delete_from_swap_cache(folio); folio_unlock(folio); folio_put(folio); return -ENOMEM; } + + /* Safe to deref entry after the entry is verified above. */ + zswap_entry_get(entry); spin_unlock(&tree->lock); __zswap_load(entry, &folio->page); + count_vm_event(ZSWPWB); + if (entry->objcg) + count_objcg_event(entry->objcg, ZSWPWB); + + spin_lock(&tree->lock); + zswap_invalidate_entry(tree, entry); + zswap_entry_put(entry); + spin_unlock(&tree->lock); + /* folio is up to date */ folio_mark_uptodate(folio);