!7109 fix CVE-2024-26960

	return ent & ~SWAP_HAS_CACHE;	/* may include COUNT_CONTINUED flag */

}

/* Reclaim the swap entry anyway if possible */

#define TTRS_ANYWAY		0x1

/*

 * Reclaim the swap entry if there are no more mappings of the

 * corresponding page

 */

#define TTRS_UNMAPPED		0x2

/* Reclaim the swap entry if swap is getting full*/

#define TTRS_FULL		0x4

/* returns 1 if swap entry is freed */

static int

__try_to_reclaim_swap(struct swap_info_struct *si, unsigned long offset)

static int __try_to_reclaim_swap(struct swap_info_struct *si,

				 unsigned long offset, unsigned long flags)

{

	swp_entry_t entry = swp_entry(si->type, offset);

	struct page *page;

	int ret = 0;

	page = find_get_page(swap_address_space(entry), swp_offset(entry));

	page = find_get_page(swap_address_space(entry), offset);

	if (!page)

		return 0;

	/*

	 * This function is called from scan_swap_map() and it's called

	 * by vmscan.c at reclaiming pages. So, we hold a lock on a page, here.

	 * We have to use trylock for avoiding deadlock. This is a special

	 * When this function is called from scan_swap_map_slots() and it's

	 * called by vmscan.c at reclaiming pages. So, we hold a lock on a page,

	 * here. We have to use trylock for avoiding deadlock. This is a special

	 * case and you should use try_to_free_swap() with explicit lock_page()

	 * in usual operations.

	 */

	if (trylock_page(page)) {

		if ((flags & TTRS_ANYWAY) ||

		    ((flags & TTRS_UNMAPPED) && !page_mapped(page)) ||

		    ((flags & TTRS_FULL) && mem_cgroup_swap_full(page)))

			ret = try_to_free_swap(page);

		unlock_page(page);

	}

		int swap_was_freed;

		unlock_cluster(ci);

		spin_unlock(&si->lock);

		swap_was_freed = __try_to_reclaim_swap(si, offset);

		swap_was_freed = __try_to_reclaim_swap(si, offset, TTRS_ANYWAY);

		spin_lock(&si->lock);

		/* entry was freed successfully, try to use this again */

		if (swap_was_freed)

}

/*

 * Note that when only holding the PTL, swapoff might succeed immediately

 * after freeing a swap entry. Therefore, immediately after

 * __swap_entry_free(), the swap info might become stale and should not

 * be touched without a prior get_swap_device().

 *

 * Check whether swap entry is valid in the swap device.  If so,

 * return pointer to swap_info_struct, and keep the swap entry valid

 * via preventing the swap device from being swapoff, until

int free_swap_and_cache(swp_entry_t entry)

{

	struct swap_info_struct *p;

	struct page *page = NULL;

	unsigned char count;

	if (non_swap_entry(entry))

		return 1;

	p = _swap_info_get(entry);

	p = get_swap_device(entry);

	if (p) {

		if (WARN_ON(!p->swap_map[swp_offset(entry)])) {

			put_swap_device(p);

			return 0;

		}

		count = __swap_entry_free(p, entry, 1);

		if (count == SWAP_HAS_CACHE &&

		    !swap_page_trans_huge_swapped(p, entry)) {

			page = find_get_page(swap_address_space(entry),

					     swp_offset(entry));

			if (page && !trylock_page(page)) {

				put_page(page);

				page = NULL;

			}

		} else if (!count)

		    !swap_page_trans_huge_swapped(p, entry))

			__try_to_reclaim_swap(p, swp_offset(entry),

					      TTRS_UNMAPPED | TTRS_FULL);

		else if (!count)

			free_swap_slot(entry);

	}

	if (page) {

		/*

		 * Not mapped elsewhere, or swap space full? Free it!

		 * Also recheck PageSwapCache now page is locked (above).

		 */

		if (PageSwapCache(page) && !PageWriteback(page) &&

		    (!page_mapped(page) || mem_cgroup_swap_full(page)) &&

		    !swap_page_trans_huge_swapped(p, entry)) {

			page = compound_head(page);

			delete_from_swap_cache(page);

			SetPageDirty(page);

		}

		unlock_page(page);

		put_page(page);

		put_swap_device(p);

	}

	return p != NULL;

}