From: Yosry Ahmed
Date: Tue, 17 Dec 2024 11:32:01 -0800
Subject: Re: [Bug] KASAN: slab-use-after-free Read in zswap_decompress
To: Sam Sun
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, akpm@linux-foundation.org, chengming.zhou@linux.dev, Nhat Pham, hannes@cmpxchg.org

On Tue, Dec 17, 2024 at 8:30 AM Yosry Ahmed wrote:
>
> On Tue, Dec 17, 2024 at 2:52 AM Sam Sun wrote:
> >
> > Dear developers and maintainers,
> >
> > We encountered a slab-use-after-free bug while using our modified
> > syzkaller. Kernel crash log is listed below.
> >
> Thanks for reporting this!
>
> This seems to be the problem that Johannes pointed out in:
> https://lore.kernel.org/lkml/20241113213007.GB1564047@cmpxchg.org/.
>
> Would you be able to check if the following diff fixes the problem?

I sent a poached semi-staged git diff, apologies. Please try the
proper patch attached instead.

>
> diff --git a/mm/zswap.c b/mm/zswap.c > index 0030ce8fecfc5..089d70dee3246 100644 > --- a/mm/zswap.c > +++ b/mm/zswap.c
> @@ -875,6 +875,21 @@ static int zswap_cpu_comp_dead(unsigned int cpu, > struct hlist_node *node) > return 0; > } > > +static void acomp_ctx_get_cpu(struct crypto_acomp_ctx *acomp_ctx) > +{ > + /* > + * Prevent CPU hotplug from freeing this CPU's acomp_ctx until > + * acomp_ctx_put_cpu(). > + */ > + cpus_read_lock(); > + return raw_cpu_ptr > +} > + > +static void acomp_ctx_put_cpu(void) > +{ > + cpus_read_unlock(); > +} > + > static bool zswap_compress(struct folio *folio, struct zswap_entry *entr= y) > { > struct crypto_acomp_ctx *acomp_ctx; > @@ -887,8 +902,7 @@ static bool zswap_compress(struct folio *folio, > struct zswap_entry *entry) > gfp_t gfp; > u8 *dst; > > - acomp_ctx =3D raw_cpu_ptr(entry->pool->acomp_ctx); > - > + acomp_ctx =3D acomp_ctx_get_cpu(entry->pool->acomp_ctx); > mutex_lock(&acomp_ctx->mutex); > > dst =3D acomp_ctx->buffer; > @@ -944,6 +958,7 @@ static bool zswap_compress(struct folio *folio, > struct zswap_entry *entry) > zswap_reject_alloc_fail++; > > mutex_unlock(&acomp_ctx->mutex); > + acomp_ctx_put_cpu(); > return comp_ret =3D=3D 0 && alloc_ret =3D=3D 0; > } > > @@ -954,7 +969,7 @@ static void zswap_decompress(struct zswap_entry > *entry, struct folio *folio) > struct crypto_acomp_ctx *acomp_ctx; > u8 *src; > > - acomp_ctx =3D raw_cpu_ptr(entry->pool->acomp_ctx); > + acomp_ctx =3D acompx_ctx_get_cpu(entry->pool->acomp_ctx); > mutex_lock(&acomp_ctx->mutex); > > src =3D zpool_map_handle(zpool, entry->handle, ZPOOL_MM_RO); 
> @@ -984,6 +999,7 @@ static void zswap_decompress(struct zswap_entry > *entry, struct folio *folio) > > if (src !=3D acomp_ctx->buffer) > zpool_unmap_handle(zpool, entry->handle); > + acomp_ctx_put_cpu(); > } > > /*********************************
>
>
> >
> >
> > ==================================================================
> > BUG: KASAN: slab-use-after-free in zswap_decompress+0x7d7/0x810 mm/zswap.c:988
> > Read of size 4 at addr ffff888027874044 by task kswapd0/92
> >
> > CPU: 1 UID: 0 PID: 92 Comm: kswapd0 Not tainted 6.12.0-09435-g2c22dc1ee3a1 #11
> > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
> > rel-1.16.1-0-g3208b098f51a-prebuilt.qemu.org 04/01/2014
> > Call Trace:
> >
> >  __dump_stack lib/dump_stack.c:94 [inline]
> >  dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120
> >  print_address_description mm/kasan/report.c:378 [inline]
> >  print_report+0xc0/0x5e0 mm/kasan/report.c:489
> >  kasan_report+0xbd/0xf0 mm/kasan/report.c:602
> >  zswap_decompress+0x7d7/0x810 mm/zswap.c:988
> >  zswap_writeback_entry+0x1e9/0x860 mm/zswap.c:1058
> >  shrink_memcg_cb+0x213/0x360 mm/zswap.c:1163
> >  __list_lru_walk_one+0x15e/0x490 mm/list_lru.c:301
> >  list_lru_walk_one+0x3e/0x50 mm/list_lru.c:338
> >  list_lru_shrink_walk include/linux/list_lru.h:240 [inline]
> >  zswap_shrinker_scan+0x135/0x220 mm/zswap.c:1197
> >  do_shrink_slab+0x44e/0x1190 mm/shrinker.c:437
> >  shrink_slab_memcg mm/shrinker.c:550 [inline]
> >  shrink_slab+0xb61/0x12a0 mm/shrinker.c:628
> >  shrink_one+0x4ad/0x7c0 mm/vmscan.c:4836
> >  shrink_many mm/vmscan.c:4897 [inline]
> >  lru_gen_shrink_node mm/vmscan.c:4975 [inline]
> >  shrink_node+0x269a/0x3d60 mm/vmscan.c:5956
> >  kswapd_shrink_node mm/vmscan.c:6785 [inline]
> >  balance_pgdat+0xbe5/0x18c0 mm/vmscan.c:6977
> >  kswapd+0x6ff/0xd60 mm/vmscan.c:7246
> >  kthread+0x2ca/0x3b0 kernel/kthread.c:389
> >  ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
> >  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
> >
> >
> > Allocated by task 1:
> >  kasan_save_stack+0x24/0x50 mm/kasan/common.c:47
> >  kasan_save_track+0x14/0x30 mm/kasan/common.c:68
> >  poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
> >  __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
> >  kasan_kmalloc include/linux/kasan.h:260 [inline]
> >  __do_kmalloc_node mm/slub.c:4283 [inline]
> >  __kmalloc_noprof+0x212/0x530 mm/slub.c:4295
> >  kmalloc_noprof include/linux/slab.h:905 [inline]
> >  kzalloc_noprof include/linux/slab.h:1037 [inline]
> >  __acomp_request_alloc_noprof include/crypto/internal/acompress.h:75 [inline]
> >  acomp_request_alloc+0x46/0x110 crypto/acompress.c:131
> >  zswap_cpu_comp_prepare+0x1f4/0x470 mm/zswap.c:840
> >  cpuhp_invoke_callback+0x26d/0x9d0 kernel/cpu.c:204
> >  cpuhp_issue_call+0x1c1/0x8d0 kernel/cpu.c:2375
> >  __cpuhp_state_add_instance_cpuslocked+0x26a/0x3c0 kernel/cpu.c:2437
> >  __cpuhp_state_add_instance+0xd7/0x2e0 kernel/cpu.c:2458
> >  cpuhp_state_add_instance include/linux/cpuhotplug.h:386 [inline]
> >  zswap_pool_create+0x2c3/0x5c0 mm/zswap.c:288
> >  __zswap_pool_create_fallback mm/zswap.c:356 [inline]
> >  zswap_setup+0x3a5/0x820 mm/zswap.c:1781
> >  zswap_init+0x2d/0x40 mm/zswap.c:1817
> >  do_one_initcall+0x111/0x6d0 init/main.c:1266
> >  do_initcall_level init/main.c:1328 [inline]
> >  do_initcalls init/main.c:1344 [inline]
> >  do_basic_setup init/main.c:1363 [inline]
> >  kernel_init_freeable+0x5ae/0x8a0 init/main.c:1577
> >  kernel_init+0x1e/0x2d0 init/main.c:1466
> >  ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
> >  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
> >
> > Freed by task 25:
> >  kasan_save_stack+0x24/0x50 mm/kasan/common.c:47
> >  kasan_save_track+0x14/0x30 mm/kasan/common.c:68
> >  kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:582
> >  poison_slab_object mm/kasan/common.c:247 [inline]
> >  __kasan_slab_free+0x54/0x70 mm/kasan/common.c:264
> >  kasan_slab_free include/linux/kasan.h:233 [inline]
> >  slab_free_hook mm/slub.c:2338 [inline]
> >  slab_free mm/slub.c:4598 [inline]
> >  kfree+0x14e/0x4d0 mm/slub.c:4746
> >  zswap_cpu_comp_dead+0xe3/0x1c0 mm/zswap.c:874
> >  cpuhp_invoke_callback+0x564/0x9d0 kernel/cpu.c:216
> >  __cpuhp_invoke_callback_range+0x104/0x220 kernel/cpu.c:965
> >  cpuhp_invoke_callback_range kernel/cpu.c:989 [inline]
> >  cpuhp_down_callbacks kernel/cpu.c:1382 [inline]
> >  _cpu_down+0x41d/0xef0 kernel/cpu.c:1443
> >  __cpu_down_maps_locked+0x6f/0x90 kernel/cpu.c:1473
> >  work_for_cpu_fn+0x55/0xa0 kernel/workqueue.c:6719
> >  process_one_work+0x9a2/0x1ba0 kernel/workqueue.c:3229
> >  process_scheduled_works kernel/workqueue.c:3310 [inline]
> >  worker_thread+0x677/0xe90 kernel/workqueue.c:3391
> >  kthread+0x2ca/0x3b0 kernel/kthread.c:389
> >  ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
> >  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
> >
> > The buggy address belongs to the object at ffff888027874000
> >  which belongs to the cache kmalloc-96 of size 96
> > The buggy address is located 68 bytes inside of
> >  freed 96-byte region [ffff888027874000, ffff888027874060)
> >
> > The buggy address belongs to the physical page:
> > page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27874
> > flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
> > page_type: f5(slab)
> > raw: 00fff00000000000 ffff88801b041280 dead000000000100 dead000000000122
> > raw: 0000000000000000 0000000000200020 00000001f5000000 0000000000000000
> > page dumped because: kasan: bad access detected
> > page_owner tracks the page as allocated
> > page last allocated via order 0, migratetype Unmovable, gfp_mask
> > 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid
> > 1 (swapper/0), ts 20389586985, free_ts 18720773637
> >  set_page_owner include/linux/page_owner.h:32 [inline]
> >  post_alloc_hook+0x2e7/0x350 mm/page_alloc.c:1556
> >  prep_new_page mm/page_alloc.c:1564 [inline]
> >  get_page_from_freelist+0xe4e/0x2b20 mm/page_alloc.c:3474
> >  __alloc_pages_noprof+0x219/0x21f0 mm/page_alloc.c:4751
> >  alloc_pages_mpol_noprof+0x2b6/0x600 mm/mempolicy.c:2265
> >  alloc_slab_page mm/slub.c:2408 [inline]
> >  allocate_slab mm/slub.c:2574 [inline]
> >  new_slab+0x2d5/0x420 mm/slub.c:2627
> >  ___slab_alloc+0xbb7/0x1850 mm/slub.c:3815
> >  __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3905
> >  __slab_alloc_node mm/slub.c:3980 [inline]
> >  slab_alloc_node mm/slub.c:4141 [inline]
> >  __do_kmalloc_node mm/slub.c:4282 [inline]
> >  __kmalloc_noprof+0x2ac/0x530 mm/slub.c:4295
> >  kmalloc_noprof include/linux/slab.h:905 [inline]
> >  kzalloc_noprof include/linux/slab.h:1037 [inline]
> >  __acomp_request_alloc_noprof include/crypto/internal/acompress.h:75 [inline]
> >  acomp_request_alloc+0x46/0x110 crypto/acompress.c:131
> >  zswap_cpu_comp_prepare+0x1f4/0x470 mm/zswap.c:840
> >  cpuhp_invoke_callback+0x26d/0x9d0 kernel/cpu.c:204
> >  cpuhp_issue_call+0x1c1/0x8d0 kernel/cpu.c:2375
> >  __cpuhp_state_add_instance_cpuslocked+0x26a/0x3c0 kernel/cpu.c:2437
> >  __cpuhp_state_add_instance+0xd7/0x2e0 kernel/cpu.c:2458
> >  cpuhp_state_add_instance include/linux/cpuhotplug.h:386 [inline]
> >  zswap_pool_create+0x2c3/0x5c0 mm/zswap.c:288
> >  __zswap_pool_create_fallback mm/zswap.c:356 [inline]
> >  zswap_setup+0x3a5/0x820 mm/zswap.c:1781
> > page last free pid 54 tgid 54 stack trace:
> >  reset_page_owner include/linux/page_owner.h:25 [inline]
> >  free_pages_prepare mm/page_alloc.c:1127 [inline]
> >  free_unref_page+0x714/0x10c0 mm/page_alloc.c:2657
> >  vfree+0x17e/0x890 mm/vmalloc.c:3382
> >  delayed_vfree_work+0x57/0x70 mm/vmalloc.c:3303
> >  process_one_work+0x9a2/0x1ba0 kernel/workqueue.c:3229
> >  process_scheduled_works kernel/workqueue.c:3310 [inline]
> >  worker_thread+0x677/0xe90 kernel/workqueue.c:3391
> >  kthread+0x2ca/0x3b0 kernel/kthread.c:389
> >  ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
> >  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
> >
> > Memory state around the buggy address:
> >  ffff888027873f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> >  ffff888027873f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> > >ffff888027874000: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
> >                                            ^
> >  ffff888027874080: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
> >  ffff888027874100: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
> > ==================================================================
> > We also find a similar bug report in function zswap_store(), listed as below:
> >
> > ==================================================================
> > BUG: KASAN: slab-use-after-free in zswap_compress mm/zswap.c:925 [inline]
> > BUG: KASAN: slab-use-after-free in zswap_store_page mm/zswap.c:1426 [inline]
> > BUG: KASAN: slab-use-after-free in zswap_store+0x2307/0x25e0 mm/zswap.c:1533
> > Read of size 4 at addr ffff8880219f6b44 by task kswapd0/88
> >
> > CPU: 1 UID: 0 PID: 88 Comm: kswapd0 Tainted: G U
> > 6.12.0-09435-g2c22dc1ee3a1 #11
> > Tainted: [U]=USER
> > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
> > rel-1.16.1-0-g3208b098f51a-prebuilt.qemu.org 04/01/2014
> > Call Trace:
> >
> >  __dump_stack lib/dump_stack.c:94 [inline]
> >  dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120
> >  print_address_description mm/kasan/report.c:378 [inline]
> >  print_report+0xc0/0x5e0 mm/kasan/report.c:489
> >  kasan_report+0xbd/0xf0 mm/kasan/report.c:602
> >  zswap_compress mm/zswap.c:925 [inline]
> >  zswap_store_page mm/zswap.c:1426 [inline]
> >  zswap_store+0x2307/0x25e0 mm/zswap.c:1533
> >  swap_writepage+0x3a8/0xe50 mm/page_io.c:279
> >  pageout+0x3b9/0xa90 mm/vmscan.c:689
> >  shrink_folio_list+0x2988/0x4340 mm/vmscan.c:1367
> >  evict_folios+0x72b/0x1a10 mm/vmscan.c:4593
> >  try_to_shrink_lruvec+0x62b/0xa60 mm/vmscan.c:4789
> >  shrink_one+0x417/0x7c0 mm/vmscan.c:4834
> >  shrink_many mm/vmscan.c:4897 [inline]
> >  lru_gen_shrink_node mm/vmscan.c:4975 [inline]
> >  shrink_node+0x269a/0x3d60 mm/vmscan.c:5956
> >  kswapd_shrink_node mm/vmscan.c:6785 [inline]
> >  balance_pgdat+0xbe5/0x18c0 mm/vmscan.c:6977
> >  kswapd+0x6ff/0xd60 mm/vmscan.c:7246
> >  kthread+0x2ca/0x3b0 kernel/kthread.c:389
> >  ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
> >  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
> >
> >
> > Allocated by task 1:
> >  kasan_save_stack+0x24/0x50 mm/kasan/common.c:47
> >  kasan_save_track+0x14/0x30 mm/kasan/common.c:68
> >  poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
> >  __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
> >  kasan_kmalloc include/linux/kasan.h:260 [inline]
> >  __do_kmalloc_node mm/slub.c:4283 [inline]
> >  __kmalloc_noprof+0x212/0x530 mm/slub.c:4295
> >  kmalloc_noprof include/linux/slab.h:905 [inline]
> >  kzalloc_noprof include/linux/slab.h:1037 [inline]
> >  __acomp_request_alloc_noprof include/crypto/internal/acompress.h:75 [inline]
> >  acomp_request_alloc+0x46/0x110 crypto/acompress.c:131
> >  zswap_cpu_comp_prepare+0x1f4/0x470 mm/zswap.c:840
> >  cpuhp_invoke_callback+0x26d/0x9d0 kernel/cpu.c:204
> >  cpuhp_issue_call+0x1c1/0x8d0 kernel/cpu.c:2375
> >  __cpuhp_state_add_instance_cpuslocked+0x26a/0x3c0 kernel/cpu.c:2437
> >  __cpuhp_state_add_instance+0xd7/0x2e0 kernel/cpu.c:2458
> >  cpuhp_state_add_instance include/linux/cpuhotplug.h:386 [inline]
> >  zswap_pool_create+0x2c3/0x5c0 mm/zswap.c:288
> >  __zswap_pool_create_fallback mm/zswap.c:356 [inline]
> >  zswap_setup+0x3a5/0x820 mm/zswap.c:1781
> >  zswap_init+0x2d/0x40 mm/zswap.c:1817
> >  do_one_initcall+0x111/0x6d0 init/main.c:1266
> >  do_initcall_level init/main.c:1328 [inline]
> >  do_initcalls init/main.c:1344 [inline]
> >  do_basic_setup init/main.c:1363 [inline]
> >  kernel_init_freeable+0x5ae/0x8a0 init/main.c:1577
> >  kernel_init+0x1e/0x2d0 init/main.c:1466
> >  ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
> >  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
> >
> > Freed by task 901:
> >  kasan_save_stack+0x24/0x50 mm/kasan/common.c:47
> >  kasan_save_track+0x14/0x30 mm/kasan/common.c:68
> >  kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:582
> >  poison_slab_object mm/kasan/common.c:247 [inline]
> >  __kasan_slab_free+0x54/0x70 mm/kasan/common.c:264
> >  kasan_slab_free include/linux/kasan.h:233 [inline]
> >  slab_free_hook mm/slub.c:2338 [inline]
> >  slab_free mm/slub.c:4598 [inline]
> >  kfree+0x14e/0x4d0 mm/slub.c:4746
> >  zswap_cpu_comp_dead+0xe3/0x1c0 mm/zswap.c:874
> >  cpuhp_invoke_callback+0x564/0x9d0 kernel/cpu.c:216
> >  __cpuhp_invoke_callback_range+0x104/0x220 kernel/cpu.c:965
> >  cpuhp_invoke_callback_range kernel/cpu.c:989 [inline]
> >  cpuhp_down_callbacks kernel/cpu.c:1382 [inline]
> >  _cpu_down+0x41d/0xef0 kernel/cpu.c:1443
> >  __cpu_down_maps_locked+0x6f/0x90 kernel/cpu.c:1473
> >  work_for_cpu_fn+0x55/0xa0 kernel/workqueue.c:6719
> >  process_one_work+0x9a2/0x1ba0 kernel/workqueue.c:3229
> >  process_scheduled_works kernel/workqueue.c:3310 [inline]
> >  worker_thread+0x677/0xe90 kernel/workqueue.c:3391
> >  kthread+0x2ca/0x3b0 kernel/kthread.c:389
> >  ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
> >  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
> >
> > The buggy address belongs to the object at ffff8880219f6b00
> >  which belongs to the cache kmalloc-96 of size 96
> > The buggy address is located 68 bytes inside of
> >  freed 96-byte region [ffff8880219f6b00, ffff8880219f6b60)
> >
> > The buggy address belongs to the physical page:
> > page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x219f6
> > anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
> > page_type: f5(slab)
> > raw: 00fff00000000000 ffff88801b041280 ffffea0000887d00 dead000000000005
> > raw: 0000000000000000 0000000000200020 00000001f5000000 0000000000000000
> > page dumped because: kasan: bad access detected
> > page_owner tracks the page as allocated
> > page last allocated via order 0, migratetype Unmovable, gfp_mask
> > 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid
> > 1 (swapper/0), ts 15792736110, free_ts 14433067061
> >  set_page_owner include/linux/page_owner.h:32 [inline]
> >  post_alloc_hook+0x2e7/0x350 mm/page_alloc.c:1556
> >  prep_new_page mm/page_alloc.c:1564 [inline]
> >  get_page_from_freelist+0xe4e/0x2b20 mm/page_alloc.c:3474
> >  __alloc_pages_noprof+0x219/0x21f0 mm/page_alloc.c:4751
> >  alloc_pages_mpol_noprof+0x2b6/0x600 mm/mempolicy.c:2265
> >  alloc_slab_page mm/slub.c:2408 [inline]
> >  allocate_slab mm/slub.c:2574 [inline]
> >  new_slab+0x2d5/0x420 mm/slub.c:2627
> >  ___slab_alloc+0xbb7/0x1850 mm/slub.c:3815
> >  __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3905
> >  __slab_alloc_node mm/slub.c:3980 [inline]
> >  slab_alloc_node mm/slub.c:4141 [inline]
> >  __kmalloc_cache_noprof+0x280/0x410 mm/slub.c:4309
> >  kmalloc_noprof include/linux/slab.h:901 [inline]
> >  kzalloc_noprof include/linux/slab.h:1037 [inline]
> >  usb_hub_create_port_device+0xbb/0xde0 drivers/usb/core/port.c:743
> >  hub_configure drivers/usb/core/hub.c:1710 [inline]
> >  hub_probe+0x1ceb/0x2fc0 drivers/usb/core/hub.c:1965
> >  usb_probe_interface+0x314/0x9f0 drivers/usb/core/driver.c:399
> >  call_driver_probe drivers/base/dd.c:579 [inline]
> >  really_probe+0x252/0xa90 drivers/base/dd.c:658
> >  __driver_probe_device+0x1df/0x450 drivers/base/dd.c:800
> >  driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:830
> >  __device_attach_driver+0x1db/0x2f0 drivers/base/dd.c:958
> >  bus_for_each_drv+0x14c/0x1d0 drivers/base/bus.c:459
> > page last free pid 25 tgid 25 stack trace:
> >  reset_page_owner include/linux/page_owner.h:25 [inline]
> >  free_pages_prepare mm/page_alloc.c:1127 [inline]
> >  free_unref_page+0x714/0x10c0 mm/page_alloc.c:2657
> >  vfree+0x17e/0x890 mm/vmalloc.c:3382
> >  delayed_vfree_work+0x57/0x70 mm/vmalloc.c:3303
> >  process_one_work+0x9a2/0x1ba0 kernel/workqueue.c:3229
> >  process_scheduled_works kernel/workqueue.c:3310 [inline]
> >  worker_thread+0x677/0xe90 kernel/workqueue.c:3391
> >  kthread+0x2ca/0x3b0 kernel/kthread.c:389
> >  ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
> >  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
> >
> > Memory state around the buggy address:
> >  ffff8880219f6a00: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
> >  ffff8880219f6a80: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
> > >ffff8880219f6b00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
> >                                            ^
> >  ffff8880219f6b80: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
> >  ffff8880219f6c00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
> > ==================================================================
> > If you have any questions, please contact us.
> >
> > Best Regards,
> > Yue

[Attachment: 0001-mm-zswap-fix-race-between-de-compression-and-CPU-hot.patch]
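
Review bot: acomp_ctx_get_cpu() in the first hunk of the quoted diff (@@ -875,6 +875,21 @@) is declared static void and its body ends in a bare "return raw_cpu_ptr" with no argument and no semicolon, yet both call sites assign its result to acomp_ctx, so this cannot compile. Make it return struct crypto_acomp_ctx * and finish with "return raw_cpu_ptr(acomp_ctx);"; because the argument is handed to raw_cpu_ptr(), the parameter should also carry the __percpu annotation so that entry->pool->acomp_ctx can be passed without a sparse warning.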
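
Review bot: the zswap_compress() hunk of the quoted diff (@@ -887,8 +902,7 @@) now takes cpus_read_lock() ahead of mutex_lock(&acomp_ctx->mutex), and the quoted KASAN reports show both users running from kswapd (zswap_store() via pageout(), zswap_decompress() via zswap_shrinker_scan()), so the hotplug read lock becomes a lock held in reclaim. Please state in the comment inside acomp_ctx_get_cpu(), or in the commit message, why that is safe against anything that holds the hotplug write lock while allocating memory or while taking acomp_ctx->mutex, since zswap_cpu_comp_dead() runs on that side.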
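
Review bot: the zswap_decompress() hunk of the quoted diff (@@ -954,7 +969,7 @@) calls acompx_ctx_get_cpu(), which the patch never defines; the helper added in the first hunk is acomp_ctx_get_cpu(), so the build fails here until the stray "x" is dropped.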