Commit d82bf47a authored by Oleg Nesterov, committed by Greg Kroah-Hartman

swap_readpage(): avoid blk_wake_io_task() if !synchronous

commit 87518530 upstream.

swap_readpage() sets waiter = bio->bi_private even if synchronous = F,
this means that the caller can get the spurious wakeup after return.

This can be fatal if blk_wake_io_task() does
set_current_state(TASK_RUNNING) after the caller does
set_special_state(), in the worst case the kernel can crash in
do_task_dead().

Link: http://lkml.kernel.org/r/20190704160301.GA5956@redhat.com
Fixes: 0619317f ("block: add polled wakeup task helper")
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reported-by: Qian Cai <cai@lca.pw>
Acked-by: Hugh Dickins <hughd@google.com>
Reviewed-by: Jens Axboe <axboe@kernel.dk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 61ff807f
...@@ -137,8 +137,10 @@ static void end_swap_bio_read(struct bio *bio) ...@@ -137,8 +137,10 @@ static void end_swap_bio_read(struct bio *bio)
unlock_page(page); unlock_page(page);
WRITE_ONCE(bio->bi_private, NULL); WRITE_ONCE(bio->bi_private, NULL);
bio_put(bio); bio_put(bio);
blk_wake_io_task(waiter); if (waiter) {
put_task_struct(waiter); blk_wake_io_task(waiter);
put_task_struct(waiter);
}
} }
int generic_swapfile_activate(struct swap_info_struct *sis, int generic_swapfile_activate(struct swap_info_struct *sis,
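Review bot: the new `if (waiter)` guard at the end of end_swap_bio_read() has no comment saying when waiter can be NULL, and it is only correct if bi_private starts out NULL for every bio that swap_readpage() submits without setting it. A one-line comment such as "waiter is only set for synchronous reads, see swap_readpage()" would tie the two hunks together, and it is worth confirming that the bio allocation path leaves bi_private zeroed, since a stale non-NULL value here would reach both blk_wake_io_task() and put_task_struct() without a matching get_task_struct().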
...@@ -395,11 +397,12 @@ int swap_readpage(struct page *page, bool synchronous) ...@@ -395,11 +397,12 @@ int swap_readpage(struct page *page, bool synchronous)
* Keep this task valid during swap readpage because the oom killer may * Keep this task valid during swap readpage because the oom killer may
* attempt to access it in the page fault retry time check. * attempt to access it in the page fault retry time check.
*/ */
get_task_struct(current);
bio->bi_private = current;
bio_set_op_attrs(bio, REQ_OP_READ, 0); bio_set_op_attrs(bio, REQ_OP_READ, 0);
if (synchronous) if (synchronous) {
bio->bi_opf |= REQ_HIPRI; bio->bi_opf |= REQ_HIPRI;
get_task_struct(current);
bio->bi_private = current;
}
count_vm_event(PSWPIN); count_vm_event(PSWPIN);
bio_get(bio); bio_get(bio);
qc = submit_bio(bio); qc = submit_bio(bio);
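Review bot: the comment at the top of this hunk ("Keep this task valid during swap readpage ...") stays above bio_set_op_attrs() while the get_task_struct(current) it describes moves into the `if (synchronous)` branch, so the comment no longer sits next to the reference it explains and reads as if the task were pinned unconditionally. Suggest moving the comment inside the branch, directly above get_task_struct(current), and noting there that bi_private is deliberately left unset for asynchronous reads so the completion handler does not wake the caller.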
......