[PATCH STABLE 4.4] swap: fix swapfile page to sector mapping

From: Anthony Iliopoulos
Date: Thu Mar 04 2021 - 10:07:34 EST

Next message: Anthony Iliopoulos: "[PATCH STABLE 5.10 5.11] swap: fix swapfile page to sector mapping"
Previous message: Anthony Iliopoulos: "[PATCH STABLE 4.9] swap: fix swapfile page to sector mapping"
In reply to: Anthony Iliopoulos: "[PATCH STABLE 4.9] swap: fix swapfile page to sector mapping"
Next in thread: Anthony Iliopoulos: "[PATCH STABLE 5.10 5.11] swap: fix swapfile page to sector mapping"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

commit caf6912f3f4af7232340d500a4a2008f81b93f14 upstream.

Fix block device sector offset calculation for swap page io on top of
blockdevs that provide a rw_page operation and do page-sized io directly
(without the block layer).

Currently swap_page_sector() maps a swap page into a blockdev sector by
obtaining the swap page offset (swap map slot), but ignores the swapfile
starting offset into the blockdev.

In setups where swapfiles are sitting on top of a filesystem, this
results into swapping out activity potentially overwriting filesystem
blocks that fall outside the swapfile region.

[This issue only affects swapfiles on filesystems on top of blockdevs
that implement rw_page ops (brd, zram, btt, pmem), and not on top of any
other block devices, in contrast to the upstream commit fix.]

Fixes: dd6bd0d9c7db ("swap: use bdev_read_page() / bdev_write_page()")
Cc: stable@xxxxxxxxxxxxxxx # 4.4

Signed-off-by: Anthony Iliopoulos <ailiop@xxxxxxxx>
---
mm/page_io.c | 11 +++--------
mm/swapfile.c | 2 +-
2 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/mm/page_io.c b/mm/page_io.c
index b995a5ba5e8f..ab92cd559404 100644
--- a/mm/page_io.c
+++ b/mm/page_io.c
@@ -32,7 +32,6 @@ static struct bio *get_swap_bio(gfp_t gfp_flags,
bio = bio_alloc(gfp_flags, 1);
if (bio) {
bio->bi_iter.bi_sector = map_swap_page(page, &bio->bi_bdev);
- bio->bi_iter.bi_sector <<= PAGE_SHIFT - 9;
bio->bi_end_io = end_io;

bio_add_page(bio, page, PAGE_SIZE, 0);
@@ -244,11 +243,6 @@ out:
return ret;
}

-static sector_t swap_page_sector(struct page *page)
-{
- return (sector_t)__page_file_index(page) << (PAGE_CACHE_SHIFT - 9);
-}
-
int __swap_writepage(struct page *page, struct writeback_control *wbc,
bio_end_io_t end_write_func)
{
@@ -297,7 +291,8 @@ int __swap_writepage(struct page *page, struct writeback_control *wbc,
return ret;
}

- ret = bdev_write_page(sis->bdev, swap_page_sector(page), page, wbc);
+ ret = bdev_write_page(sis->bdev, map_swap_page(page, &sis->bdev),
+ page, wbc);
if (!ret) {
count_vm_event(PSWPOUT);
return 0;
@@ -345,7 +340,7 @@ int swap_readpage(struct page *page)
return ret;
}

- ret = bdev_read_page(sis->bdev, swap_page_sector(page), page);
+ ret = bdev_read_page(sis->bdev, map_swap_page(page, &sis->bdev), page);
if (!ret) {
count_vm_event(PSWPIN);
return 0;
diff --git a/mm/swapfile.c b/mm/swapfile.c
index 8e25ff2b693a..b338d8829239 100644
--- a/mm/swapfile.c
+++ b/mm/swapfile.c
@@ -1653,7 +1653,7 @@ sector_t map_swap_page(struct page *page, struct block_device **bdev)
{
swp_entry_t entry;
entry.val = page_private(page);
- return map_swap_entry(entry, bdev);
+ return map_swap_entry(entry, bdev) << (PAGE_SHIFT - 9);
}

/*
--
2.30.1

Next message: Anthony Iliopoulos: "[PATCH STABLE 5.10 5.11] swap: fix swapfile page to sector mapping"
Previous message: Anthony Iliopoulos: "[PATCH STABLE 4.9] swap: fix swapfile page to sector mapping"
In reply to: Anthony Iliopoulos: "[PATCH STABLE 4.9] swap: fix swapfile page to sector mapping"
Next in thread: Anthony Iliopoulos: "[PATCH STABLE 5.10 5.11] swap: fix swapfile page to sector mapping"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]