From: "Lorenzo Stoakes (Oracle)" <ljs@kernel.org>
To: Yosry Ahmed <yosry@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Johannes Weiner <hannes@cmpxchg.org>,
Nhat Pham <nphamcs@gmail.com>,
Chengming Zhou <chengming.zhou@linux.dev>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH mm-hotfixes] mm/zswap: add missing kunmap_local()
Date: Mon, 16 Mar 2026 15:49:23 +0000
Message-ID: <59b849b9-87ff-48f7-94fb-363d5f54d8f4@lucifer.local>
In-Reply-To: <abgY3RNYj7WrYYnq@google.com>

On Mon, Mar 16, 2026 at 02:52:24PM +0000, Yosry Ahmed wrote:
> On Mon, Mar 16, 2026 at 02:01:22PM +0000, Lorenzo Stoakes (Oracle) wrote:
> > Commit e2c3b6b21c77 ("mm: zswap: use SG list decompression APIs from
> > zsmalloc") updated zswap_decompress() to use the scatterwalk API to copy
> > data for uncompressed pages.
> >
> > In doing so, it mapped kernel memory locally for 32-bit kernels using
> > kmap_local_folio(), however it never unmapped this memory.
> >
> > This resulted in the linked syzbot report where a BUG_ON() is triggered due
> > to leaking the kmap slot.
> >
> > This patch fixes the issue by explicitly unmapping the established kmap.
> >
> > Reported-by: syzbot+fe426bef95363177631d@syzkaller.appspotmail.com
> > Closes: https://lore.kernel.org/all/69b75e2c.050a0220.12d28.015a.GAE@google.com
> > Fixes: e2c3b6b21c77 ("mm: zswap: use SG list decompression APIs from zsmalloc")
> > Signed-off-by: Lorenzo Stoakes (Oracle) <ljs@kernel.org>
>
> Oh thanks for catching that, not sure how I ended up doing that tbh..
Don't worry I've made FAR worse mistakes in some of my patches, believe me :)
easily done.
>
> Anyway, LGTM:
>
> Acked-by: Yosry Ahmed <yosry@kernel.org>
Thanks!
Cheers, Lorenzo
>
> > ---
> > mm/zswap.c | 7 ++++++-
> > 1 file changed, 6 insertions(+), 1 deletion(-)
> >
> > diff --git a/mm/zswap.c b/mm/zswap.c
> > index e6ec3295bdb0..499520f65ff0 100644
> > --- a/mm/zswap.c
> > +++ b/mm/zswap.c
> > @@ -942,9 +942,14 @@ static bool zswap_decompress(struct zswap_entry *entry, struct folio *folio)
> >
> > /* zswap entries of length PAGE_SIZE are not compressed. */
> > if (entry->length == PAGE_SIZE) {
> > + void *dst;
> > +
> > WARN_ON_ONCE(input->length != PAGE_SIZE);
> > - memcpy_from_sglist(kmap_local_folio(folio, 0), input, 0, PAGE_SIZE);
> > +
> > + dst = kmap_local_folio(folio, 0);
> > + memcpy_from_sglist(dst, input, 0, PAGE_SIZE);
> > dlen = PAGE_SIZE;
> > + kunmap_local(dst);
> > } else {
> > sg_init_table(&output, 1);
> > sg_set_folio(&output, folio, PAGE_SIZE, 0);
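Review bot: kunmap_local(dst) is placed after `dlen = PAGE_SIZE;` in the `entry->length == PAGE_SIZE` branch, so the local mapping stays live across a statement that does not use it. Moving the unmap to the line directly after memcpy_from_sglist(dst, input, 0, PAGE_SIZE) would keep map, copy and unmap together as one visibly paired unit, which makes it harder for a later edit to insert an early exit between them and leak the kmap slot again. Separately, and not introduced by this patch, WARN_ON_ONCE(input->length != PAGE_SIZE) only warns and the PAGE_SIZE copy still runs when the check fails; if that case is reachable, the branch should bail out rather than copy.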
> > --
> > 2.53.0