From patchwork Fri Sep 22 17:22:11 2023
X-Patchwork-Submitter: Domenico Cerasuolo
X-Patchwork-Id: 13396061
From: Domenico Cerasuolo
To: sjenning@redhat.com, ddstreet@ieee.org, vitaly.wool@konsulko.com, akpm@linux-foundation.org, nphamcs@gmail.com, hannes@cmpxchg.org
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, kernel-team@meta.com, Domenico Cerasuolo
Subject: [PATCH] mm: zswap: fix potential memory corruption on duplicate store
Date: Fri, 22 Sep 2023 19:22:11 +0200
Message-Id: <20230922172211.1704917-1-cerasuolodomenico@gmail.com>
X-Mailer: git-send-email 2.34.1

While stress-testing zswap a memory corruption was happening when writing back pages. __frontswap_store used to check for duplicate entries before attempting to store a page in zswap, this was because if the store fails the old entry isn't removed from the tree. This change removes duplicate entries in zswap_store before the actual attempt.

Based on commit ce9ecca0238b ("Linux 6.6-rc2")

Fixes: 42c06a0e8ebe ("mm: kill frontswap")
Signed-off-by: Domenico Cerasuolo
Acked-by: Johannes Weiner
Acked-by: Nhat Pham

--- mm/zswap.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/mm/zswap.c b/mm/zswap.c index 412b1409a0d7..9146f9f19061 100644 --- a/mm/zswap.c +++ b/mm/zswap.c @@ -1218,6 +1218,19 @@ bool zswap_store(struct folio *folio) if (!zswap_enabled || !tree) return false; + /* + * If this is a duplicate, it must be removed before attempting to store + * it, otherwise, if the store fails the old page won't be removed from + * the tree, and it might be written back overriding the new data. + */ + spin_lock(&tree->lock); + dupentry = zswap_rb_search(&tree->rbroot, offset); + if (dupentry) { + zswap_duplicate_entry++; + zswap_invalidate_entry(tree, dupentry); + } + spin_unlock(&tree->lock); + /* * XXX: zswap reclaim does not work with cgroups yet. Without a * cgroup-aware entry LRU, we will push out entries system-wide based on
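
Review bot: the new duplicate lookup in zswap_store() sits after the early return `if (!zswap_enabled || !tree) return false;`, so a store that is rejected by that check never reaches the invalidation. If entries can still be present in the tree while zswap_enabled is false (for example after zswap is switched off at runtime), the old entry for this offset stays in place and can later be written back over the newer data, which is the same case the added comment describes. Consider keeping the `!tree` check first but moving the `zswap_rb_search()` / `zswap_invalidate_entry()` block ahead of the `zswap_enabled` test, or stating in the comment why that path cannot hold a stale entry. The lock is also released between this invalidation and the later insertion, so the comment should say that any duplicate handling at insert time is still required for a concurrent store to the same offset. Minor wording: "overriding the new data" in the comment reads better as "overwriting the new data".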