On Wed, Apr 16, 2025 at 04:04:10PM -0400, Martin K. Petersen wrote: > Placing multiple protection information buffers inside the same page > can lead to oopses because set_page_dirty_lock() can't be called from > interrupt context. > > Since a protection information buffer is not backed by a file there is > no point in setting its page dirty, there is nothing to synchronize. > Drop the call to set_page_dirty_lock() and remove the last argument to > bio_integrity_unpin_bvec(). I think the patch is right, but the commit message is wrong. Let's suppose we're allocating the PI buffer in anonymous memory. Also, we're under memory pressure. We've already swapped out the page containing the PI buffer once, so it's in the swap cache and marked as clean. We do a READ from the device, and the new metadata is written to the page. Then a new round of memory reclaim happens and this page is chosen. If it's still clean, the new contents will not be written to swap and the page will simply be discarded. When we go to validate the PI data, the page will be swapped back in, but it will have old PI information in it so the verification will fail. What we need to do is mark the folio dirty at pin time. I believe O_DIRECT does this properly, and I'm not sure whether this code does it properly or not.
