lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250227061616.GD110982@cmpxchg.org>
Date: Thu, 27 Feb 2025 01:16:16 -0500
From: Johannes Weiner <hannes@...xchg.org>
To: Yosry Ahmed <yosry.ahmed@...ux.dev>
Cc: Nhat Pham <nphamcs@...il.com>, akpm@...ux-foundation.org,
	chengming.zhou@...ux.dev, linux-mm@...ck.org, kernel-team@...a.com,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] zswap: do not crash the kernel on decompression
 failure

On Thu, Feb 27, 2025 at 05:44:29AM +0000, Yosry Ahmed wrote:
> On Wed, Feb 26, 2025 at 11:31:41PM -0500, Johannes Weiner wrote:
> > On Thu, Feb 27, 2025 at 01:19:31AM +0000, Yosry Ahmed wrote:
> > > On Wed, Feb 26, 2025 at 04:14:45PM -0800, Nhat Pham wrote:
> > > >  	if (WARN_ON_ONCE(folio_test_large(folio)))
> > > >  		return true;
> > > >  
> > > > +	entry = xa_load(tree, offset);
> > > > +	if (!entry)
> > > > +		return false;
> > > > +
> > > 
> > > A small comment here pointing out that we are deliberatly not setting
> > > uptodate because of the failure may make things more obvious, or do you
> > > think that's not needed?
> > >
> > > > +	if (!zswap_decompress(entry, folio))
> > > > +		return true;
> > 
> > How about an actual -ev and have this in swap_read_folio():
> 
> Good idea, I was going to suggest an enum but this is simpler.
> 
> > 
> >         ret = zswap_load(folio);
> >         if (ret != -ENOENT) {
> >                 folio_unlock(folio);
> >                 goto finish;
> >         }
> > 
> > 	read from swapfile...
> > 
> > Then in zswap_load(), move uptodate further up like this (I had
> > previously suggested this):
> > 
> > 	if (!zswap_decompress(entry, folio))
> > 		return -EIO;
> > 
> > 	folio_mark_uptodate(folio);
> > 
> > and I think it would be clear, even without or just minimal comments.
> 
> Another possibility is moving folio_mark_uptodate() back to
> swap_read_folio(), which should make things even clearer imo as the
> success/failure logic is all in one place:

That works. bdev, swapfile and zeromap set the flag in that file.

> 	ret = zswap_load(folio);
> 	if (ret != -ENOENT) {
> 		folio_unlock(folio);
> 		/* Comment about not marking uptodate */
> 		if (!ret)
> 			folio_mark_uptodate();
> 		goto finish;
> 	}

Personally, I like this one ^. The comment isn't needed IMO, as now
zswap really isn't doing anything special compared to the others.

> or we can make it crystal clear we have 3 distinct cases:
> 
> 	ret = zswap_load(folio);
> 	if (!ret) {
> 		folio_unlock(folio);
> 		folio_mark_uptodate();
> 		goto finish;
> 	} else if (ret != -ENOENT) {
> 		/* Comment about not marking uptodate */
> 		folio_unlock(folio);
> 		goto finish;
> 	}

This seems unnecessarily repetetive.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ