Date: Tue, 6 May 2025 09:56:50 -0400
From: Johannes Weiner
To: Sergey Senozhatsky
Cc: Andrew Morton, Minchan Kim, Yosry Ahmed, Vitaly Wool, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Igor Belousov, stable@vger.kernel.org
Subject: Re: [PATCH] zsmalloc: don't underflow size calculation in zs_obj_write()
Message-ID: <20250506135650.GA276050@cmpxchg.org>
In-Reply-To: <20250504110650.2783619-1-senozhatsky@chromium.org>

On Sun, May 04, 2025 at 08:00:22PM +0900, Sergey Senozhatsky wrote:
> Do not mix class->size and object size during offsets/sizes
> calculation in zs_obj_write(). Size classes can merge into
> clusters, based on objects-per-zspage and pages-per-zspage
> characteristics, so some size classes can store objects
> smaller than class->size. This becomes problematic when
> object size is much smaller than class->size: we can determine
> that the object spans two physical pages, because we use the larger
> class->size for this, while the actual object is much smaller
> and fits one physical page, so there is nothing to write to
> the second page and the memcpy() size calculation underflows.
>
> We always know the exact size in bytes of the object
> that we are about to write (store), so use it instead of
> class->size.
>
> Reported-by: Igor Belousov
> Cc:
> Signed-off-by: Sergey Senozhatsky

Could you please include the user-visible effects and circumstances
that Igor reported? Crash, backtrace etc., 16k pages etc. in the
changelog? This type of information helps tremendously with backports,
or with finding this patch when encountering the issue in the wild.

Acked-by: Johannes Weiner
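The mixed-size calculation the patch description refers to, modelled here as an added example (this is not zsmalloc's code; PAGE_SIZE_MODEL, split_mixed and split_write are hypothetical names): deciding that an object spans two pages from class->size, but sizing the second-page copy from the real object size, wraps the size_t whenever the object actually fits in the first page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the kernel's PAGE_SIZE (the report mentions 16k pages). */
#define PAGE_SIZE_MODEL 16384u

struct split {
	size_t first;    /* bytes written into the first physical page */
	size_t second;   /* bytes written into the second page, 0 if the object fits */
	bool underflow;  /* true if `second` wrapped around below zero */
};

/* Fixed variant: both the "spans two pages?" decision and the second-page
 * length are derived from the same value, the real object size. */
static struct split split_write(size_t off, size_t obj_size)
{
	struct split s = {0, 0, false};
	size_t room = PAGE_SIZE_MODEL - off;   /* bytes left in the first page */

	if (obj_size <= room) {
		s.first = obj_size;            /* nothing lands in a second page */
		return s;
	}
	s.first = room;
	s.second = obj_size - room;
	return s;
}

/* Defective variant: spanning is decided with class_size, but the second
 * memcpy length is computed from obj_size. When obj_size < room the
 * subtraction wraps to a huge size_t, which is the underflow described. */
static struct split split_mixed(size_t off, size_t class_size, size_t obj_size)
{
	struct split s = {0, 0, false};
	size_t room = PAGE_SIZE_MODEL - off;

	if (class_size <= room) {
		s.first = obj_size;
		return s;
	}
	s.first = room;
	s.underflow = obj_size < room;         /* detect the wrap before it happens */
	s.second = obj_size - room;            /* wraps when underflow is true */
	return s;
}

int main(void)
{
	/* Constructed case: 100 bytes left in the page, class of 200, object of 50. */
	struct split bad = split_mixed(PAGE_SIZE_MODEL - 100, 200, 50);
	struct split good = split_write(PAGE_SIZE_MODEL - 100, 50);

	printf("mixed:  first=%zu second=%zu underflow=%d\n", bad.first, bad.second, bad.underflow);
	printf("fixed:  first=%zu second=%zu\n", good.first, good.second);
	return 0;
}
```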