lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Z8AUaQamubA9lWae@google.com>
Date: Thu, 27 Feb 2025 07:29:45 +0000
From: Yosry Ahmed <yosry.ahmed@...ux.dev>
To: Johannes Weiner <hannes@...xchg.org>
Cc: Nhat Pham <nphamcs@...il.com>, akpm@...ux-foundation.org,
	chengming.zhou@...ux.dev, linux-mm@...ck.org, kernel-team@...a.com,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] zswap: do not crash the kernel on decompression
 failure

On Thu, Feb 27, 2025 at 07:11:59AM +0000, Yosry Ahmed wrote:
> On Thu, Feb 27, 2025 at 01:16:16AM -0500, Johannes Weiner wrote:
> > On Thu, Feb 27, 2025 at 05:44:29AM +0000, Yosry Ahmed wrote:
> > > On Wed, Feb 26, 2025 at 11:31:41PM -0500, Johannes Weiner wrote:
> > > > On Thu, Feb 27, 2025 at 01:19:31AM +0000, Yosry Ahmed wrote:
> > > > > On Wed, Feb 26, 2025 at 04:14:45PM -0800, Nhat Pham wrote:
> > > > > >  	if (WARN_ON_ONCE(folio_test_large(folio)))
> > > > > >  		return true;
> > > > > >  
> > > > > > +	entry = xa_load(tree, offset);
> > > > > > +	if (!entry)
> > > > > > +		return false;
> > > > > > +
> > > > > 
> > > > > A small comment here pointing out that we are deliberatly not setting
> > > > > uptodate because of the failure may make things more obvious, or do you
> > > > > think that's not needed?
> > > > >
> > > > > > +	if (!zswap_decompress(entry, folio))
> > > > > > +		return true;
> > > > 
> > > > How about an actual -ev and have this in swap_read_folio():
> > > 
> > > Good idea, I was going to suggest an enum but this is simpler.
> > > 
> > > > 
> > > >         ret = zswap_load(folio);
> > > >         if (ret != -ENOENT) {
> > > >                 folio_unlock(folio);
> > > >                 goto finish;
> > > >         }
> > > > 
> > > > 	read from swapfile...
> > > > 
> > > > Then in zswap_load(), move uptodate further up like this (I had
> > > > previously suggested this):
> > > > 
> > > > 	if (!zswap_decompress(entry, folio))
> > > > 		return -EIO;
> > > > 
> > > > 	folio_mark_uptodate(folio);
> > > > 
> > > > and I think it would be clear, even without or just minimal comments.
> > > 
> > > Another possibility is moving folio_mark_uptodate() back to
> > > swap_read_folio(), which should make things even clearer imo as the
> > > success/failure logic is all in one place:
> > 
> > That works. bdev, swapfile and zeromap set the flag in that file.
> > 
> > > 	ret = zswap_load(folio);
> > > 	if (ret != -ENOENT) {
> > > 		folio_unlock(folio);
> > > 		/* Comment about not marking uptodate */
> > > 		if (!ret)
> > > 			folio_mark_uptodate();
> > > 		goto finish;
> > > 	}
> > 
> > Personally, I like this one ^. The comment isn't needed IMO, as now
> > zswap really isn't doing anything special compared to the others.
> > 
> > > or we can make it crystal clear we have 3 distinct cases:
> > > 
> > > 	ret = zswap_load(folio);
> > > 	if (!ret) {
> > > 		folio_unlock(folio);
> > > 		folio_mark_uptodate();
> > > 		goto finish;
> > > 	} else if (ret != -ENOENT) {
> > > 		/* Comment about not marking uptodate */
> > > 		folio_unlock(folio);
> > > 		goto finish;
> > > 	}
> > 
> > This seems unnecessarily repetetive.
> 
> I know, but looking at the two, this one makes it clearer to me there
> are 3 distinct cases, and the redundancy is not terrible.
> 
> So I personally prefer the latter, but I am fine either way.

I just realized that swap_read_folio_zeromap() does the same trick, so
we should probably also move the folio_mark_uptodate() in there to
swap_read_folio().

Maybe we can do something like this:

/* Returns true if the folio was in the zeromap or zswap */
bool swap_read_folio_in_memory(struct folio *folio)
{
	int ret;

	ret = swap_read_folio_zeromap(folio);
	if (ret == -ENOENT)
		ret = zswap_load(folio);

	if (ret == 0) {
		folio_mark_uptodate(folio);
		folio_unlock(folio);
		return true;
	} else if (ret != -ENOENT) {
		folio_unlock(folio);
		return true;
	} else {
		return false;
	}
}

void swap_read_folio(struct folio *folio, struct swap_iocb **plug)
{
	...
	if (swap_read_folio_in_memory(folio))
		goto finish;
	...
}

Admittedly, swap_read_folio_in_memory() is not a good name. Maybe
swap_read_folio_zeromap_or_zswap() :)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ