From: Chengming Zhou <zhouchengming@bytedance.com>
To: Nhat Pham <nphamcs@gmail.com>, Andrew Morton <akpm@linux-foundation.org>
Cc: Barry Song <21cnbao@gmail.com>,
Seth Jennings <sjenning@redhat.com>,
Johannes Weiner <hannes@cmpxchg.org>,
Vitaly Wool <vitaly.wool@konsulko.com>,
Chris Li <chriscli@google.com>,
Yosry Ahmed <yosryahmed@google.com>,
Dan Streetman <ddstreet@ieee.org>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
Chris Li <chrisl@kernel.org>
Subject: Re: [PATCH v4 1/6] mm/zswap: change dstmem size to one page
Date: Thu, 28 Dec 2023 14:41:20 +0800 [thread overview]
Message-ID: <23b76f56-dd91-470b-9967-8482951e5364@bytedance.com> (raw)
In-Reply-To: <CAKEwX=PDeez9D8t4WSe2qd753h=06ZSJwQ8TQDv1xLXB0cpn-Q@mail.gmail.com>
On 2023/12/28 07:21, Nhat Pham wrote:
> On Wed, Dec 27, 2023 at 12:58 PM Andrew Morton
> <akpm@linux-foundation.org> wrote:
>>
>> On Wed, 27 Dec 2023 14:11:06 +0800 Chengming Zhou <zhouchengming@bytedance.com> wrote:
>>
>>>> i remember there was an over-compression case, that means the compressed
>>>> data can be bigger than the source data. the similar thing is also done in zram
>>>> drivers/block/zram/zcomp.c
>>>
>>> Right, there is a buffer overflow report[1] that I just +to you.
>>
>> What does "[1]" refer to? Is there a bug report about this series?
>
> I think Chengming was referring to this:
>
> https://lore.kernel.org/lkml/0000000000000b05cd060d6b5511@google.com/
>
> Syzkaller/syzbot found an edge case where the page's "compressed" form
> was larger than one page, which tripped up the compression code (since
> we reduced the compression buffer size to 1 page here).
Right, thanks Nhat!
The reported bug can be fixed by a patch I posted:
https://lore.kernel.org/all/20231227093523.2735484-1-chengming.zhou@linux.dev/
Although this bug is fixed, we still have to revert the first patch to use
2 pages buffer in zswap, since not all compressor drivers would respect the
buffer size we passed in and may overflow our output buffer.
Barry Song has explained the background in:
https://lore.kernel.org/all/CAGsJ_4xuuaPnQzkkQVaRyZL6ZdwkiQ_B7_c2baNaCKVg_O7ZQA@mail.gmail.com/
I will send an updated series later.
Thanks!
next prev parent reply other threads:[~2023-12-28 6:41 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-26 15:54 [PATCH v4 0/6] mm/zswap: dstmem reuse optimizations and cleanups Chengming Zhou
2023-12-26 15:54 ` [PATCH v4 1/6] mm/zswap: change dstmem size to one page Chengming Zhou
2023-12-27 1:07 ` Barry Song
2023-12-27 6:11 ` Chengming Zhou
2023-12-27 6:32 ` Barry Song
2023-12-27 20:58 ` Andrew Morton
2023-12-27 23:21 ` Nhat Pham
2023-12-28 6:41 ` Chengming Zhou [this message]
2023-12-26 15:54 ` [PATCH v4 2/6] mm/zswap: reuse dstmem when decompress Chengming Zhou
2023-12-27 1:24 ` Barry Song
2023-12-27 6:32 ` Chengming Zhou
2023-12-28 8:03 ` Barry Song
2023-12-28 8:23 ` Chengming Zhou
2023-12-28 9:49 ` Herbert Xu
2024-01-03 2:57 ` [PATCH RFC 1/2] crypto: introduce acomp_is_async to expose if a acomp has a scomp backend Barry Song
2024-01-03 2:57 ` [PATCH RFC 2/2] mm/zswap: remove the memcpy if acomp is not asynchronous Barry Song
2024-01-03 2:57 ` [PATCH v4 2/6] mm/zswap: reuse dstmem when decompress Barry Song
2024-01-25 9:41 ` Herbert Xu
2024-01-27 14:41 ` Barry Song
2023-12-26 15:54 ` [PATCH v4 3/6] mm/zswap: refactor out __zswap_load() Chengming Zhou
2023-12-26 15:54 ` [PATCH v4 4/6] mm/zswap: cleanup zswap_load() Chengming Zhou
2023-12-26 15:54 ` [PATCH v4 5/6] mm/zswap: cleanup zswap_writeback_entry() Chengming Zhou
2023-12-26 15:54 ` [PATCH v4 6/6] mm/zswap: change per-cpu mutex and buffer to per-acomp_ctx Chengming Zhou
2023-12-26 19:08 ` Nhat Pham
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=23b76f56-dd91-470b-9967-8482951e5364@bytedance.com \
--to=zhouchengming@bytedance.com \
--cc=21cnbao@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=chriscli@google.com \
--cc=chrisl@kernel.org \
--cc=ddstreet@ieee.org \
--cc=hannes@cmpxchg.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=nphamcs@gmail.com \
--cc=sjenning@redhat.com \
--cc=vitaly.wool@konsulko.com \
--cc=yosryahmed@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox