swap: fix swapfile read/write offset

commit caf6912f3f4af7232340d500a4a2008f81b93f14 upstream.

We're not factoring in the start of the file for where to write and
read the swapfile, which leads to very unfortunate side effects of
writing where we should not be...

[This issue only affects swapfiles on filesystems on top of blockdevs
that implement rw_page ops (brd, zram, btt, pmem), and not on top of any
other block devices, in contrast to the upstream commit fix.]

Fixes: dd6bd0d9c7db ("swap: use bdev_read_page() / bdev_write_page()")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Cc: stable@vger.kernel.org # 4.9
Signed-off-by: Anthony Iliopoulos <ailiop@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/mm/page_io.c b/mm/page_io.c
index a2651f58c86a25f3cc9190c8b98aaf5bf615a174..ad0e0ce31090ec57d677c5f67a0c2870a06e6df9 100644 (file)
--- a/mm/page_io.c
+++ b/mm/page_io.c
@@ -32,7 +32,6 @@ static struct bio *get_swap_bio(gfp_t gfp_flags,
        bio = bio_alloc(gfp_flags, 1);
        if (bio) {
                bio->bi_iter.bi_sector = map_swap_page(page, &bio->bi_bdev);
-               bio->bi_iter.bi_sector <<= PAGE_SHIFT - 9;
                bio->bi_end_io = end_io;
 
                bio_add_page(bio, page, PAGE_SIZE, 0);
@@ -252,11 +251,6 @@ int swap_writepage(struct page *page, struct writeback_control *wbc)
        return ret;
 }
 
-static sector_t swap_page_sector(struct page *page)
-{
-       return (sector_t)__page_file_index(page) << (PAGE_SHIFT - 9);
-}
-
 int __swap_writepage(struct page *page, struct writeback_control *wbc,
                bio_end_io_t end_write_func)
 {
@@ -306,7 +300,8 @@ int __swap_writepage(struct page *page, struct writeback_control *wbc,
                return ret;
        }
 
-       ret = bdev_write_page(sis->bdev, swap_page_sector(page), page, wbc);
+       ret = bdev_write_page(sis->bdev, map_swap_page(page, &sis->bdev),
+                             page, wbc);
        if (!ret) {
                count_vm_event(PSWPOUT);
                return 0;
@@ -357,7 +352,7 @@ int swap_readpage(struct page *page)
                return ret;
        }
 
-       ret = bdev_read_page(sis->bdev, swap_page_sector(page), page);
+       ret = bdev_read_page(sis->bdev, map_swap_page(page, &sis->bdev), page);
        if (!ret) {
                if (trylock_page(page)) {
                        swap_slot_free_notify(page);

diff --git a/mm/swapfile.c b/mm/swapfile.c
index 855f62ab8c1b3b3f6c00b0740a3875467938ec3e..8a0d969a6ebd9769aaf9621e6c8ce350aefd15ee 100644 (file)
--- a/mm/swapfile.c
+++ b/mm/swapfile.c
@@ -1666,7 +1666,7 @@ sector_t map_swap_page(struct page *page, struct block_device **bdev)
 {
        swp_entry_t entry;
        entry.val = page_private(page);
-       return map_swap_entry(entry, bdev);
+       return map_swap_entry(entry, bdev) << (PAGE_SHIFT - 9);
 }
 
 /*