[PATCH 4.19 49/52] swap: fix swapfile read/write offset

From: Greg Kroah-Hartman
Date: Fri Mar 05 2021 - 07:39:16 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.19 31/52] crypto: tcrypt - avoid signed overflow in byte count"
Previous message: Greg Kroah-Hartman: "[PATCH 4.19 50/52] media: v4l: ioctl: Fix memory leak in video_usercopy"
In reply to: Greg Kroah-Hartman: "[PATCH 4.19 50/52] media: v4l: ioctl: Fix memory leak in video_usercopy"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.19 31/52] crypto: tcrypt - avoid signed overflow in byte count"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jens Axboe <axboe@xxxxxxxxx>

commit caf6912f3f4af7232340d500a4a2008f81b93f14 upstream.

We're not factoring in the start of the file for where to write and
read the swapfile, which leads to very unfortunate side effects of
writing where we should not be...

[This issue only affects swapfiles on filesystems on top of blockdevs
that implement rw_page ops (brd, zram, btt, pmem), and not on top of any
other block devices, in contrast to the upstream commit fix.]

Fixes: dd6bd0d9c7db ("swap: use bdev_read_page() / bdev_write_page()")
Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
Signed-off-by: Anthony Iliopoulos <ailiop@xxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
mm/page_io.c | 11 +++--------
mm/swapfile.c | 2 +-
2 files changed, 4 insertions(+), 9 deletions(-)

--- a/mm/page_io.c
+++ b/mm/page_io.c
@@ -38,7 +38,6 @@ static struct bio *get_swap_bio(gfp_t gf

bio->bi_iter.bi_sector = map_swap_page(page, &bdev);
bio_set_dev(bio, bdev);
- bio->bi_iter.bi_sector <<= PAGE_SHIFT - 9;
bio->bi_end_io = end_io;

for (i = 0; i < nr; i++)
@@ -262,11 +261,6 @@ out:
return ret;
}

-static sector_t swap_page_sector(struct page *page)
-{
- return (sector_t)__page_file_index(page) << (PAGE_SHIFT - 9);
-}
-
static inline void count_swpout_vm_event(struct page *page)
{
#ifdef CONFIG_TRANSPARENT_HUGEPAGE
@@ -325,7 +319,8 @@ int __swap_writepage(struct page *page,
return ret;
}

- ret = bdev_write_page(sis->bdev, swap_page_sector(page), page, wbc);
+ ret = bdev_write_page(sis->bdev, map_swap_page(page, &sis->bdev),
+ page, wbc);
if (!ret) {
count_swpout_vm_event(page);
return 0;
@@ -376,7 +371,7 @@ int swap_readpage(struct page *page, boo
return ret;
}

- ret = bdev_read_page(sis->bdev, swap_page_sector(page), page);
+ ret = bdev_read_page(sis->bdev, map_swap_page(page, &sis->bdev), page);
if (!ret) {
if (trylock_page(page)) {
swap_slot_free_notify(page);
--- a/mm/swapfile.c
+++ b/mm/swapfile.c
@@ -2305,7 +2305,7 @@ sector_t map_swap_page(struct page *page
{
swp_entry_t entry;
entry.val = page_private(page);
- return map_swap_entry(entry, bdev);
+ return map_swap_entry(entry, bdev) << (PAGE_SHIFT - 9);
}

/*

Next message: Greg Kroah-Hartman: "[PATCH 4.19 31/52] crypto: tcrypt - avoid signed overflow in byte count"
Previous message: Greg Kroah-Hartman: "[PATCH 4.19 50/52] media: v4l: ioctl: Fix memory leak in video_usercopy"
In reply to: Greg Kroah-Hartman: "[PATCH 4.19 50/52] media: v4l: ioctl: Fix memory leak in video_usercopy"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.19 31/52] crypto: tcrypt - avoid signed overflow in byte count"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]