Date: Thu, 18 Apr 2024 08:40:43 -0400
From: Johannes Weiner
To: Christian Heusel
Cc: Chengming Zhou, Nhat Pham, Seth Jennings, Dan Streetman, Vitaly Wool, Andrew Morton, linux-mm@kvack.org, linux-kernel@vger.kernel.org, David Runge, "Richard W.M. Jones", Mark W, regressions@lists.linux.dev, Yosry Ahmed
Subject: Re: [REGRESSION] Null pointer dereference while shrinking zswap
Message-ID: <20240418124043.GC1055428@cmpxchg.org>
In-Reply-To: <4c3ppfjxnrqx6g52qvvhqzcc4pated2q5g4mi32l22nwtrkqfq@a4lk6s5zcwvb>

On Wed, Apr 17, 2024 at 07:18:14PM +0200, Christian Heusel wrote:
> On 24/04/17 10:33AM, Johannes Weiner wrote:
> >
> > Christian, can you please test the below patch on top of current
> > upstream?
> >
>
> Hey Johannes,
>
> I have applied your patch on top of 6.9-rc4 and it did solve the crash for
> me, thanks for hacking together a fix so quickly! 🤗
>
> Tested-By: Christian Heusel

Thanks for confirming it, and sorry about the breakage.

Andrew, can you please use the updated changelog below?

---

From 52f67f5fab6a743c2aedfc8e04a582a9d1025c28 Mon Sep 17 00:00:00 2001
From: Johannes Weiner
Date: Thu, 18 Apr 2024 08:26:28 -0400
Subject: [PATCH] mm: zswap: fix shrinker NULL crash with cgroup_disable=memory

Christian reports a NULL deref in zswap that he bisected down to the
zswap shrinker. The issue also cropped up in the bug trackers of
libguestfs [1] and the Red Hat bugzilla [2].

The problem is that when memcg is disabled with the boot time flag,
the zswap shrinker might get called with sc->memcg == NULL. This is
okay in many places, like the lruvec operations. But it crashes in
memcg_page_state() - which is only used due to the non-node accounting
of the cgroup's zswap memory to begin with.

Nhat spotted that the memcg can be NULL in the memcg-disabled case,
and I was then able to reproduce the crash locally as well.

[1] https://github.com/libguestfs/libguestfs/issues/139
[2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252

Fixes: b5ba474f3f51 ("zswap: shrink zswap pool based on memory pressure")
Cc: stable@vger.kernel.org [v6.8]
Link: https://lkml.kernel.org/r/20240417143324.GA1055428@cmpxchg.org
Reported-by: Christian Heusel
Debugged-by: Nhat Pham
Suggested-by: Nhat Pham
Tested-By: Christian Heusel
Signed-off-by: Johannes Weiner
---
 mm/zswap.c | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/mm/zswap.c b/mm/zswap.c index caed028945b0..6f8850c44b61 100644 --- a/mm/zswap.c +++ b/mm/zswap.c
@@ -1331,15 +1331,22 @@ static unsigned long zswap_shrinker_count(struct shrinker *shrinker, if (!gfp_has_io_fs(sc->gfp_mask)) return 0; -#ifdef CONFIG_MEMCG_KMEM - mem_cgroup_flush_stats(memcg); - nr_backing = memcg_page_state(memcg, MEMCG_ZSWAP_B) >> PAGE_SHIFT; - nr_stored = memcg_page_state(memcg, MEMCG_ZSWAPPED); -#else - /* use pool stats instead of memcg stats */ - nr_backing = zswap_pool_total_size >> PAGE_SHIFT; - nr_stored = atomic_read(&zswap_nr_stored); -#endif + /* + * For memcg, use the cgroup-wide ZSWAP stats since we don't + * have them per-node and thus per-lruvec. Careful if memcg is + * runtime-disabled: we can get sc->memcg == NULL, which is ok + * for the lruvec, but not for memcg_page_state(). + * + * Without memcg, use the zswap pool-wide metrics. + */ + if (!mem_cgroup_disabled()) { + mem_cgroup_flush_stats(memcg); + nr_backing = memcg_page_state(memcg, MEMCG_ZSWAP_B) >> PAGE_SHIFT; + nr_stored = memcg_page_state(memcg, MEMCG_ZSWAPPED); + } else { + nr_backing = zswap_pool_total_size >> PAGE_SHIFT; + nr_stored = atomic_read(&zswap_nr_stored); + } if (!nr_stored) return 0; -- 2.44.0
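
Review bot: replacing `#ifdef CONFIG_MEMCG_KMEM` with `if (!mem_cgroup_disabled())` in zswap_shrinker_count() changes more than the NULL case, and the changelog does not say so. A build without CONFIG_MEMCG_KMEM used to take the pool-stats branch at compile time; after this change it takes the memcg_page_state() branch whenever memcg is enabled at runtime. Please state in the changelog or the new comment that this is intended, or that the config combination cannot occur. Also, the guard tests the global state rather than the pointer that is dereferenced: the comment documents that sc->memcg can be NULL when memcg is runtime-disabled, but not that it is non-NULL otherwise. One sentence stating that invariant would make the safety of `memcg_page_state(memcg, MEMCG_ZSWAP_B)` evident to the next reader.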