Date: Mon, 18 Mar 2024 22:30:12 -0400
From: Johannes Weiner
To: Barry Song <21cnbao@gmail.com>
Cc: yosryahmed@google.com, nphamcs@gmail.com, akpm@linux-foundation.org, chrisl@kernel.org, v-songbaohua@oppo.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, ira.weiny@intel.com, syzbot+adbc983a1588b7805de3@syzkaller.appspotmail.com
Subject: Re: [PATCH v2] mm: zswap: fix kernel BUG in sg_init_one
Message-ID: <20240319023012.GC4210@cmpxchg.org>
References: <20240318234706.95347-1-21cnbao@gmail.com>
In-Reply-To: <20240318234706.95347-1-21cnbao@gmail.com>

On Tue, Mar 19, 2024 at 12:47:06PM +1300, Barry Song wrote:
> From: Barry Song
>
> sg_init_one() relies on linearly mapped low memory for the safe
> utilization of virt_to_page(). Otherwise, we trigger a kernel
> BUG,
>
> kernel BUG at include/linux/scatterlist.h:187!
> Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
> Modules linked in:
> CPU: 0 PID: 2997 Comm: syz-executor198 Not tainted 6.8.0-syzkaller #0
> Hardware name: ARM-Versatile Express
> PC is at sg_set_buf include/linux/scatterlist.h:187 [inline]
> PC is at sg_init_one+0x9c/0xa8 lib/scatterlist.c:143
> LR is at sg_init_table+0x2c/0x40 lib/scatterlist.c:128
> Backtrace:
> [<807e16ac>] (sg_init_one) from [<804c1824>] (zswap_decompress+0xbc/0x208 mm/zswap.c:1089)
> r7:83471c80 r6:def6d08c r5:844847d0 r4:ff7e7ef4
> [<804c1768>] (zswap_decompress) from [<804c4468>] (zswap_load+0x15c/0x198 mm/zswap.c:1637)
> r9:8446eb80 r8:8446eb80 r7:8446eb84 r6:def6d08c r5:00000001 r4:844847d0
> [<804c430c>] (zswap_load) from [<804b9644>] (swap_read_folio+0xa8/0x498 mm/page_io.c:518)
> r9:844ac800 r8:835e6c00 r7:00000000 r6:df955d4c r5:00000001 r4:def6d08c
> [<804b959c>] (swap_read_folio) from [<804bb064>] (swap_cluster_readahead+0x1c4/0x34c mm/swap_state.c:684)
> r10:00000000 r9:00000007 r8:df955d4b r7:00000000 r6:00000000 r5:00100cca
> r4:00000001
> [<804baea0>] (swap_cluster_readahead) from [<804bb3b8>] (swapin_readahead+0x68/0x4a8 mm/swap_state.c:904)
> r10:df955eb8 r9:00000000 r8:00100cca r7:84476480 r6:00000001 r5:00000000
> r4:00000001
> [<804bb350>] (swapin_readahead) from [<8047cde0>] (do_swap_page+0x200/0xcc4 mm/memory.c:4046)
> r10:00000040 r9:00000000 r8:844ac800 r7:84476480 r6:00000001 r5:00000000
> r4:df955eb8
> [<8047cbe0>] (do_swap_page) from [<8047e6c4>] (handle_pte_fault mm/memory.c:5301 [inline])
> [<8047cbe0>] (do_swap_page) from [<8047e6c4>] (__handle_mm_fault mm/memory.c:5439 [inline])
> [<8047cbe0>] (do_swap_page) from [<8047e6c4>] (handle_mm_fault+0x3d8/0x12b8 mm/memory.c:5604)
> r10:00000040 r9:842b3900 r8:7eb0d000 r7:84476480 r6:7eb0d000 r5:835e6c00
> r4:00000254
> [<8047e2ec>] (handle_mm_fault) from [<80215d28>] (do_page_fault+0x148/0x3a8 arch/arm/mm/fault.c:326)
> r10:00000007 r9:842b3900 r8:7eb0d000 r7:00000207 r6:00000254 r5:7eb0d9b4
> r4:df955fb0
> [<80215be0>] (do_page_fault) from [<80216170>] (do_DataAbort+0x38/0xa8 arch/arm/mm/fault.c:558)
> r10:7eb0da7c r9:00000000 r8:80215be0 r7:df955fb0 r6:7eb0d9b4 r5:00000207
> r4:8261d0e0
> [<80216138>] (do_DataAbort) from [<80200e3c>] (__dabt_usr+0x5c/0x60 arch/arm/kernel/entry-armv.S:427)
> Exception stack(0xdf955fb0 to 0xdf955ff8)
> 5fa0: 00000000 00000000 22d5f800 0008d158
> 5fc0: 00000000 7eb0d9a4 00000000 00000109 00000000 00000000 7eb0da7c 7eb0da3c
> 5fe0: 00000000 7eb0d9a0 00000001 00066bd4 00000010 ffffffff
> r8:824a9044 r7:835e6c00 r6:ffffffff r5:00000010 r4:00066bd4
> Code: 1a000004 e1822003 e8860094 e89da8f0 (e7f001f2)
> ---[ end trace 0000000000000000 ]---
> ----------------
> Code disassembly (best guess):
> 0: 1a000004 bne 0x18
> 4: e1822003 orr r2, r2, r3
> 8: e8860094 stm r6, {r2, r4, r7}
> c: e89da8f0 ldm sp, {r4, r5, r6, r7, fp, sp, pc}
> * 10: e7f001f2 udf #18 <-- trapping instruction
>
> Consequently, we have two choices: either employ kmap_to_page() alongside
> sg_set_page(), or resort to copying high memory contents to a temporary
> buffer residing in low memory. However, considering the introduction
> of the WARN_ON_ONCE in commit ef6e06b2ef870 ("highmem: fix kmap_to_page()
> for kmap_local_page() addresses"), which specifically addresses high
> memory concerns, it appears that memcpy remains the sole viable
> option.
>
> Reported-and-tested-by: syzbot+adbc983a1588b7805de3@syzkaller.appspotmail.com
> Closes: https://lore.kernel.org/all/000000000000bbb3d80613f243a6@google.com/
> Fixes: 270700dd06ca ("mm/zswap: remove the memcpy if acomp is not sleepable")
> Signed-off-by: Barry Song

Acked-by: Johannes Weiner

Making highmem more efficient isn't much of a priority, but I would
still be curious to hear Ira's thought on that WARN_ON_ONCE().