From: Johannes Weiner <hannes@cmpxchg.org>
To: Yosry Ahmed <yosry.ahmed@linux.dev>
Cc: Nhat Pham <nphamcs@gmail.com>,
akpm@linux-foundation.org, chengming.zhou@linux.dev,
linux-mm@kvack.org, kernel-team@meta.com,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] zswap: do not crash the kernel on decompression failure
Date: Tue, 25 Feb 2025 22:57:30 -0500 [thread overview]
Message-ID: <20250226035730.GA1775487@cmpxchg.org> (raw)
In-Reply-To: <Z76AVZ_tjq2NvmLT@google.com>
On Wed, Feb 26, 2025 at 02:45:41AM +0000, Yosry Ahmed wrote:
> On Tue, Feb 25, 2025 at 07:51:49PM -0500, Johannes Weiner wrote:
> > On Tue, Feb 25, 2025 at 01:32:00PM -0800, Nhat Pham wrote:
> > > + }
> > > mutex_unlock(&acomp_ctx->mutex);
> > >
> > > if (src != acomp_ctx->buffer)
> > > zpool_unmap_handle(zpool, entry->handle);
> > > + return ret;
> > > }
> > >
> > > /*********************************
> > > @@ -1018,6 +1028,7 @@ static int zswap_writeback_entry(struct zswap_entry *entry,
> > > struct writeback_control wbc = {
> > > .sync_mode = WB_SYNC_NONE,
> > > };
> > > + int ret = 0;
> > >
> > > /* try to allocate swap cache folio */
> > > mpol = get_task_policy(current);
> > > @@ -1034,8 +1045,8 @@ static int zswap_writeback_entry(struct zswap_entry *entry,
> > > * and freed when invalidated by the concurrent shrinker anyway.
> > > */
> > > if (!folio_was_allocated) {
> > > - folio_put(folio);
> > > - return -EEXIST;
> > > + ret = -EEXIST;
> > > + goto put_folio;
> > > }
> > >
> > > /*
> > > @@ -1048,14 +1059,17 @@ static int zswap_writeback_entry(struct zswap_entry *entry,
> > > * be dereferenced.
> > > */
> > > tree = swap_zswap_tree(swpentry);
> > > - if (entry != xa_cmpxchg(tree, offset, entry, NULL, GFP_KERNEL)) {
> > > - delete_from_swap_cache(folio);
> > > - folio_unlock(folio);
> > > - folio_put(folio);
> > > - return -ENOMEM;
> > > + if (entry != xa_load(tree, offset)) {
> > > + ret = -ENOMEM;
> > > + goto fail;
> > > }
> > >
> > > - zswap_decompress(entry, folio);
> > > + if (!zswap_decompress(entry, folio)) {
> > > + ret = -EIO;
> > > + goto fail;
> > > + }
> > > +
> > > + xa_erase(tree, offset);
> > >
> > > count_vm_event(ZSWPWB);
> > > if (entry->objcg)
> > > @@ -1071,9 +1085,14 @@ static int zswap_writeback_entry(struct zswap_entry *entry,
> > >
> > > /* start writeback */
> > > __swap_writepage(folio, &wbc);
> > > - folio_put(folio);
> > > + goto put_folio;
> > >
> > > - return 0;
> > > +fail:
> > > + delete_from_swap_cache(folio);
> > > + folio_unlock(folio);
> > > +put_folio:
> > > + folio_put(folio);
> > > + return ret;
> > > }
> >
> > Nice, yeah it's time for factoring out the error unwinding. If you
> > write it like this, you can save a jump in the main sequence:
> >
> > __swap_writepage(folio, &wbc);
> > ret = 0;
> > put:
> > folio_put(folio);
> > return ret;
> > delete_unlock:
>
> (I like how you sneaked the label rename in here, I didn't like 'fail'
> either :P)
>
> > delete_from_swap_cache(folio);
> > folio_unlock(folio);
> > goto put;
>
> I would go even further and avoid gotos completely (and make it super
> clear what gets executed in the normal path vs the failure path):
>
> __swap_writepage(folio, &wbc);
> folio_put(folio);
> if (ret) {
> delete_from_swap_cache(folio);
> folio_unlock(folio);
> }
> return ret;
The !folio_was_allocated case only needs the put. I guess that could
stay open-coded.
And I think you still need one goto for the other two error legs to
jump past the __swap_writepage.
> > Something like this?
> >
> > if (!zswap_decompress(entry, folio)) {
> > /*
> > * The zswap_load() return value doesn't indicate success or
> > * failure, but whether zswap owns the swapped out contents.
> > * This MUST return true here, otherwise swap_readpage() will
> > * read garbage from the backend.
> > *
> > * Success is signaled by marking the folio uptodate.
> > */
>
> We use the same trick in the folio_test_large() branch, so maybe this
> should be moved to above the function definition. Then we can perhaps
> refer to it in places where we return true wihout setting uptodate for
> added clarity if needed.
That makes sense to me. Nhat, what do you think?
next prev parent reply other threads:[~2025-02-26 3:57 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-25 21:32 Nhat Pham
2025-02-25 22:25 ` Andrew Morton
2025-02-25 22:28 ` Nhat Pham
2025-02-26 0:51 ` Johannes Weiner
2025-02-26 2:45 ` Yosry Ahmed
2025-02-26 3:57 ` Johannes Weiner [this message]
2025-02-26 15:42 ` Yosry Ahmed
2025-02-26 23:39 ` Nhat Pham
2025-02-26 2:40 ` Yosry Ahmed
2025-02-26 23:16 ` Nhat Pham
2025-02-27 0:03 ` Yosry Ahmed
2025-02-26 3:12 ` Yosry Ahmed
2025-02-26 4:57 ` Johannes Weiner
2025-02-26 15:33 ` Yosry Ahmed
2025-02-26 23:20 ` Nhat Pham
2025-02-27 0:00 ` Yosry Ahmed
2025-02-26 23:29 ` Nhat Pham
2025-02-26 23:58 ` Yosry Ahmed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250226035730.GA1775487@cmpxchg.org \
--to=hannes@cmpxchg.org \
--cc=akpm@linux-foundation.org \
--cc=chengming.zhou@linux.dev \
--cc=kernel-team@meta.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=nphamcs@gmail.com \
--cc=yosry.ahmed@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox