[SRU][Q][PATCH 1/1] mm, swap: fix swap cache index error when retrying reclaim

Tue Apr 7 06:34:59 UTC 2026

From: Kairui Song <kasong at tencent.com>

BugLink: https://bugs.launchpad.net/bugs/2137755

The allocator will reclaim cached slots while scanning.  Currently, it
will try again if reclaim found a folio that is already removed from the
swap cache due to a race.  But the following lookup will be using the
wrong index.  It won't cause any OOB issue since the swap cache index is
truncated upon lookup, but it may lead to reclaiming of an irrelevant
folio.

This should not cause a measurable issue, but we should fix it.

Link: https://lkml.kernel.org/r/20250916160100.31545-4-ryncsn@gmail.com
Fixes: fae859550531 ("mm, swap: avoid reclaiming irrelevant swap cache")
Signed-off-by: Kairui Song <kasong at tencent.com>
Reviewed-by: Baolin Wang <baolin.wang at linux.alibaba.com>
Acked-by: Nhat Pham <nphamcs at gmail.com>
Acked-by: Chris Li <chrisl at kernel.org>
Acked-by: David Hildenbrand <david at redhat.com>
Suggested-by: Chris Li <chrisl at kernel.org>
Cc: Baoquan He <bhe at redhat.com>
Cc: Barry Song <baohua at kernel.org>
Cc: "Huang, Ying" <ying.huang at linux.alibaba.com>
Cc: Hugh Dickins <hughd at google.com>
Cc: Johannes Weiner <hannes at cmpxchg.org>
Cc: Kemeng Shi <shikemeng at huaweicloud.com>
Cc: kernel test robot <oliver.sang at intel.com>
Cc: Lorenzo Stoakes <lorenzo.stoakes at oracle.com>
Cc: Matthew Wilcox (Oracle) <willy at infradead.org>
Cc: Yosry Ahmed <yosryahmed at google.com>
Cc: Zi Yan <ziy at nvidia.com>
Cc: SeongJae Park <sj at kernel.org>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
(backported from commit a733d8de7f1ccbf093ce2fde424616e529073876)
[acelan: upstream removed 'address_space' variable in an earlier commit,
 but this branch still uses it. Kept the variable while applying the
 'const' qualifier to 'entry' as intended by the upstream fix.]
Signed-off-by: Chia-Lin Kao (AceLan) <acelan.kao at canonical.com>
Acked-by: Kuan-Ying Lee <kuan-ying.lee at canonical.com>
Signed-off-by: Kuan-Ying Lee <kuan-ying.lee at canonical.com>
---
 mm/swapfile.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/mm/swapfile.c b/mm/swapfile.c
index 73065d75d0e1f..d0179759d5dac 100644
--- a/mm/swapfile.c
+++ b/mm/swapfile.c
@@ -212,7 +212,7 @@ static bool swap_is_last_map(struct swap_info_struct *si,
 static int __try_to_reclaim_swap(struct swap_info_struct *si,
 				 unsigned long offset, unsigned long flags)
 {
-	swp_entry_t entry = swp_entry(si->type, offset);
+	const swp_entry_t entry = swp_entry(si->type, offset);
 	struct address_space *address_space = swap_address_space(entry);
 	struct swap_cluster_info *ci;
 	struct folio *folio;
@@ -241,13 +241,13 @@ static int __try_to_reclaim_swap(struct swap_info_struct *si,
 	 * Offset could point to the middle of a large folio, or folio
 	 * may no longer point to the expected offset before it's locked.
 	 */
-	entry = folio->swap;
-	if (offset < swp_offset(entry) || offset >= swp_offset(entry) + nr_pages) {
+	if (offset < swp_offset(folio->swap) ||
+	    offset >= swp_offset(folio->swap) + nr_pages) {
 		folio_unlock(folio);
 		folio_put(folio);
 		goto again;
 	}
-	offset = swp_offset(entry);
+	offset = swp_offset(folio->swap);
 
 	need_reclaim = ((flags & TTRS_ANYWAY) ||
 			((flags & TTRS_UNMAPPED) && !folio_mapped(folio)) ||
-- 
2.53.0


