On Mon, Jul 19, 2021 at 10:44 AM Matthew Wilcox willy@infradead.org wrote:
On Mon, Jul 19, 2021 at 10:24:18AM +0800, Zhouyi Zhou wrote:
Meanwhile, I examined 5.12.17 with the naked eye and found a suspicious place that could possibly trigger that problem:

struct swap_info_struct *get_swap_device(swp_entry_t entry)
{
    struct swap_info_struct *si;
    unsigned long offset;

    if (!entry.val)
        goto out;
    si = swp_swap_info(entry);
    if (!si)
        goto bad_nofile;

    rcu_read_lock();
    if (data_race(!(si->flags & SWP_VALID)))
        goto unlock_out;
    offset = swp_offset(entry);
    if (offset >= si->max)
        goto unlock_out;

    return si;
bad_nofile:
    pr_err("%s: %s%08lx\n", __func__, Bad_file, entry.val);
out:
    return NULL;
unlock_out:
    rcu_read_unlock();
    return NULL;
}

I guess the function does "return si" without an rcu_read_unlock.
Yes, but the caller is supposed to call put_swap_device() which calls rcu_read_unlock(). See commit eb085574a752.
I see, sorry for the mistake.