From: Kairui Song
Date: Mon, 26 May 2025 02:44:48 +0800
Subject: Re: [PATCH 3/4] mm: swap: fix potensial buffer overflow in setup_clusters()
To: Kemeng Shi
Cc: akpm@linux-foundation.org, bhe@redhat.com, hannes@cmpxchg.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org

On Thu, May 22, 2025 at 11:32 AM Kemeng Shi wrote:
>
> In setup_swap_map(), we only ensure badpages are in range (0, last_page].
> As maxpages might be < last_page, setup_clusters() will encounter a
> buffer overflow when a badpage is >= maxpages.
> Only call inc_cluster_info_page() for badpage which is < maxpages to
> fix the issue.
>
> Fixes: b843786b0bd01 ("mm: swapfile: fix SSD detection with swapfile on btrfs")
> Signed-off-by: Kemeng Shi
> ---
> mm/swapfile.c | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/mm/swapfile.c b/mm/swapfile.c
> index a82f4ebefca3..63ab9f14b2c6 100644
> --- a/mm/swapfile.c
> +++ b/mm/swapfile.c
> @@ -3208,9 +3208,13 @@ static struct swap_cluster_info *setup_clusters(st= ruct swap_info_struct *si, > * and the EOF part of the last cluster. > */ > inc_cluster_info_page(si, cluster_info, 0); > - for (i =3D 0; i < swap_header->info.nr_badpages; i++) > - inc_cluster_info_page(si, cluster_info, > - swap_header->info.badpages[i]); > + for (i =3D 0; i < swap_header->info.nr_badpages; i++) { > + unsigned int page_nr =3D swap_header->info.badpages[i]; > + > + if (page_nr >=3D maxpages) > + continue; > + inc_cluster_info_page(si, cluster_info, page_nr); I think we might need a pr_err or pr_warn here, this means mkswap marked the wrong region as a bad block? Or some fs side things went wrong. > + } > for (i =3D maxpages; i < round_up(maxpages, SWAPFILE_CLUSTER); i+= +) > inc_cluster_info_page(si, cluster_info, i); > > -- > 2.30.0 > >
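
Review bot: The new "if (page_nr >= maxpages) continue;" in the badpages loop drops out-of-range entries with no comment explaining why that is safe, and the reason is not obvious from the code alone. Per the commit message, setup_swap_map() bounds badpages only by last_page while the overflow here happens at maxpages, so the two functions apply different limits to the same array; a short comment above the check should say so. It is also worth noting in that comment that the loop right after it, from maxpages to round_up(maxpages, SWAPFILE_CLUSTER), already calls inc_cluster_info_page() for every slot past maxpages in the last cluster, so a skipped bad page in that tail is still accounted for exactly once. Consider whether the range check belongs in setup_swap_map() instead, so that the bound is enforced in one place and any later user of badpages[] does not need to repeat it.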