From: Domenico Cerasuolo
To: sjenning@redhat.com, ddstreet@ieee.org, vitaly.wool@konsulko.com, akpm@linux-foundation.org, nphamcs@gmail.com, hannes@cmpxchg.org
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, kernel-team@meta.com, Domenico Cerasuolo
Subject: [PATCH v2] mm: zswap: fix potential memory corruption on duplicate store
Date: Mon, 25 Sep 2023 15:00:02 +0200
Message-Id: <20230925130002.1929369-1-cerasuolodomenico@gmail.com>

While stress-testing zswap a memory corruption was happening when writing
back pages. __frontswap_store used to check for duplicate entries before
attempting to store a page in zswap, this was because if the store fails
the old entry isn't removed from the tree. This change removes duplicate
entries in zswap_store before the actual attempt.

V2:
- Added a warning and a comment to the second duplicates check in
  zswap_store function (Johannes).

Based on commit ce9ecca0238b ("Linux 6.6-rc2")

Fixes: 42c06a0e8ebe ("mm: kill frontswap")
Signed-off-by: Domenico Cerasuolo
---
 mm/zswap.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/mm/zswap.c b/mm/zswap.c index 412b1409a0d7..083c693602b8 100644 --- a/mm/zswap.c +++ b/mm/zswap.c @@ -1218,6 +1218,19 @@ bool zswap_store(struct folio *folio) if (!zswap_enabled || !tree) return false; + /* + * If this is a duplicate, it must be removed before attempting to store + * it, otherwise, if the store fails the old page won't be removed from + * the tree, and it might be written back overriding the new data. + */ + spin_lock(&tree->lock); + dupentry = zswap_rb_search(&tree->rbroot, offset); + if (dupentry) { + zswap_duplicate_entry++; + zswap_invalidate_entry(tree, dupentry); + } + spin_unlock(&tree->lock); + /* * XXX: zswap reclaim does not work with cgroups yet. Without a * cgroup-aware entry LRU, we will push out entries system-wide based on @@ -1333,7 +1346,14 @@ bool zswap_store(struct folio *folio) /* map */ spin_lock(&tree->lock); + /* + * A duplicate entry should have been removed at the beginning of this + * function. Since the swap entry should be pinned, if a duplicate is + * found again here it means that something went wrong in the swap + * cache. + */ while (zswap_rb_insert(&tree->rbroot, entry, &dupentry) == -EEXIST) { + WARN_ON(1); zswap_duplicate_entry++; zswap_invalidate_entry(tree, dupentry); }
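Review bot: In the first hunk (@@ -1218,6 +1218,19 @@), the new duplicate removal sits after the early `if (!zswap_enabled || !tree) return false;`, so a store that bails out because zswap_enabled is false never reaches zswap_rb_search() and leaves any existing entry for this offset in the tree. If entries can still be present in the tree while zswap_enabled is false (for example after it is turned off at runtime), that is the same stale-entry case the new comment describes: the old page stays in the tree and can later be written back over the new data. Consider returning early only on `!tree`, doing the lookup and zswap_invalidate_entry() under tree->lock, and testing zswap_enabled afterwards. Minor wording point in the added comment: "overriding the new data" reads better as "overwriting the new data".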
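Review bot: In the second hunk (@@ -1333,7 +1346,14 @@), `WARN_ON(1)` sits inside the `while` loop and runs with tree->lock held, so each iteration and each later occurrence prints a full backtrace under the spinlock, and with panic_on_warn set it takes the machine down for a condition the loop then recovers from by invalidating the duplicate. WARN_ON_ONCE(1) would keep the diagnostic without the repeat cost. Also, zswap_duplicate_entry is now incremented both in the expected path added at the top of zswap_store and in this should-not-happen path, so the counter no longer distinguishes the two; either note that in the comment or drop the increment here.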