[PATCH v2 1/1] mm: swap: remove duplicate nr_swap_pages decrement in get_swap_page_of_type()
After commit 4f78252da887, nr_swap_pages is decremented in swap_range_alloc(). Since cluster_alloc_swap_entry() calls swap_range_alloc() internally, the decrement in get_swap_page_of_type() causes double-decrementing.
Remove the duplicate decrement.
Fixes: 4f78252da887 ("mm: swap: move nr_swap_pages counter decrement from folio_alloc_swap() to swap_range_alloc()") Cc: stable@vger.kernel.org # v6.17-rc1 Signed-off-by: Youngjun Park youngjun.park@lge.com Acked-by: Chris Li chrisl@kernel.org Reviewed-by: Barry Song baohua@kernel.org --- v1 -> v2: - Collect Acked-by from Chris - thank you! - Collect Reviewed-by from Barry - thank you! - Link to v1: https://lore.kernel.org/linux-mm/20251101134158.69908-1-youngjun.park@lge.co...
mm/swapfile.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/mm/swapfile.c b/mm/swapfile.c index 543f303f101d..66a502cd747b 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -2020,10 +2020,8 @@ swp_entry_t get_swap_page_of_type(int type) local_lock(&percpu_swap_cluster.lock); offset = cluster_alloc_swap_entry(si, 0, 1); local_unlock(&percpu_swap_cluster.lock); - if (offset) { + if (offset) entry = swp_entry(si->type, offset); - atomic_long_dec(&nr_swap_pages); - } } put_swap_device(si); }
On Sun, Nov 2, 2025 at 4:36 PM Youngjun Park youngjun.park@lge.com wrote:
After commit 4f78252da887, nr_swap_pages is decremented in swap_range_alloc(). Since cluster_alloc_swap_entry() calls swap_range_alloc() internally, the decrement in get_swap_page_of_type() causes double-decrementing.
Remove the duplicate decrement.
Fixes: 4f78252da887 ("mm: swap: move nr_swap_pages counter decrement from folio_alloc_swap() to swap_range_alloc()") Cc: stable@vger.kernel.org # v6.17-rc1 Signed-off-by: Youngjun Park youngjun.park@lge.com Acked-by: Chris Li chrisl@kernel.org Reviewed-by: Barry Song baohua@kernel.org
v1 -> v2:
- Collect Acked-by from Chris - thank you!
- Collect Reviewed-by from Barry - thank you!
- Link to v1: https://lore.kernel.org/linux-mm/20251101134158.69908-1-youngjun.park@lge.co...
mm/swapfile.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/mm/swapfile.c b/mm/swapfile.c index 543f303f101d..66a502cd747b 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -2020,10 +2020,8 @@ swp_entry_t get_swap_page_of_type(int type) local_lock(&percpu_swap_cluster.lock); offset = cluster_alloc_swap_entry(si, 0, 1); local_unlock(&percpu_swap_cluster.lock);
if (offset) {
if (offset) entry = swp_entry(si->type, offset);
atomic_long_dec(&nr_swap_pages);} } put_swap_device(si); }-- 2.34.1
Thanks.
Reviewed-by: Kairui Song kasong@tencent.com
On Sun, 2 Nov 2025 17:24:56 +0900 Youngjun Park youngjun.park@lge.com wrote:
After commit 4f78252da887, nr_swap_pages is decremented in swap_range_alloc(). Since cluster_alloc_swap_entry() calls swap_range_alloc() internally, the decrement in get_swap_page_of_type() causes double-decrementing.
Remove the duplicate decrement.
Can we please have a description of the userspace-visible runtime effects of the bug?
Fixes: 4f78252da887 ("mm: swap: move nr_swap_pages counter decrement from folio_alloc_swap() to swap_range_alloc()") Cc: stable@vger.kernel.org # v6.17-rc1
Especially when proposing a backport.
Thanks.
On Mon, Nov 03, 2025 at 06:56:08PM -0800, Andrew Morton wrote:
On Sun, 2 Nov 2025 17:24:56 +0900 Youngjun Park youngjun.park@lge.com wrote:
After commit 4f78252da887, nr_swap_pages is decremented in swap_range_alloc(). Since cluster_alloc_swap_entry() calls swap_range_alloc() internally, the decrement in get_swap_page_of_type() causes double-decrementing.
Remove the duplicate decrement.
Can we please have a description of the userspace-visible runtime effects of the bug?
Fixes: 4f78252da887 ("mm: swap: move nr_swap_pages counter decrement from folio_alloc_swap() to swap_range_alloc()") Cc: stable@vger.kernel.org # v6.17-rc1
Especially when proposing a backport.
Thanks.
Hi Andrew,
Thank you for picking up the patch. Since it's already in mm-hotfixes-unstable, I'm providing the elaboration here rather than sending v3.
As a representative userspace-visible runtime example of the impact, /proc/meminfo reports increasingly inaccurate SwapFree values. The discrepancy grows with each swap allocation, and during hibernation when large amounts of memory are written to swap, the reported value can deviate significantly from actual available swap space, misleading users and monitoring tools.
Best Regards, Youngjun
On Tue, 4 Nov 2025 23:46:40 +0900 YoungJun Park youngjun.park@lge.com wrote:
Can we please have a description of the userspace-visible runtime effects of the bug?
Fixes: 4f78252da887 ("mm: swap: move nr_swap_pages counter decrement from folio_alloc_swap() to swap_range_alloc()") Cc: stable@vger.kernel.org # v6.17-rc1
Especially when proposing a backport.
Thanks.
Hi Andrew,
Thank you for picking up the patch. Since it's already in mm-hotfixes-unstable, I'm providing the elaboration here rather than sending v3.
As a representative userspace-visible runtime example of the impact, /proc/meminfo reports increasingly inaccurate SwapFree values. The discrepancy grows with each swap allocation, and during hibernation when large amounts of memory are written to swap, the reported value can deviate significantly from actual available swap space, misleading users and monitoring tools.
Great, thanks, very helpful. I pasted that into the mm.git copy of this patch.
On Sun, Nov 2, 2025 at 1:25 AM Youngjun Park youngjun.park@lge.com wrote:
After commit 4f78252da887, nr_swap_pages is decremented in swap_range_alloc(). Since cluster_alloc_swap_entry() calls swap_range_alloc() internally, the decrement in get_swap_page_of_type() causes double-decrementing.
Remove the duplicate decrement.
Fixes: 4f78252da887 ("mm: swap: move nr_swap_pages counter decrement from folio_alloc_swap() to swap_range_alloc()") Cc: stable@vger.kernel.org # v6.17-rc1 Signed-off-by: Youngjun Park youngjun.park@lge.com Acked-by: Chris Li chrisl@kernel.org Reviewed-by: Barry Song baohua@kernel.org
Acked-by: Nhat Pham nphamcs@gmail.com
linux-stable-mirror@lists.linaro.org
-
Andrew Morton -
Kairui Song -
Nhat Pham -
YoungJun Park -
Youngjun Park