Date: Fri, 30 May 2025 10:55:19 +0800
From: Baoquan He
To: Kairui Song
Cc: Kemeng Shi, akpm@linux-foundation.org, hannes@cmpxchg.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/4] mm: swap: fix potensial buffer overflow in setup_clusters()
References: <20250522122554.12209-1-shikemeng@huaweicloud.com> <20250522122554.12209-4-shikemeng@huaweicloud.com>

On 05/26/25 at 02:44am, Kairui Song wrote:
> On Thu, May 22, 2025 at 11:32 AM Kemeng Shi wrote:
> >
> > In setup_swap_map(), we only ensure badpages are in range (0, last_page].
> > As maxpages might be < last_page, setup_clusters() will encounter a
> > buffer overflow when a badpage is >= maxpages.
> > Only call inc_cluster_info_page() for badpage which is < maxpages to
> > fix the issue.
> >
> > Fixes: b843786b0bd01 ("mm: swapfile: fix SSD detection with swapfile on btrfs")
> > Signed-off-by: Kemeng Shi > > --- > > mm/swapfile.c | 10 +++++++--- > > 1 file changed, 7 insertions(+), 3 deletions(-) > > > > diff --git a/mm/swapfile.c b/mm/swapfile.c > > index a82f4ebefca3..63ab9f14b2c6 100644 > > --- a/mm/swapfile.c > > +++ b/mm/swapfile.c > > @@ -3208,9 +3208,13 @@ static struct swap_cluster_info *setup_clusters(struct swap_info_struct *si, > > * and the EOF part of the last cluster. > > */ > > inc_cluster_info_page(si, cluster_info, 0); > > - for (i = 0; i < swap_header->info.nr_badpages; i++) > > - inc_cluster_info_page(si, cluster_info, > > - swap_header->info.badpages[i]); > > + for (i = 0; i < swap_header->info.nr_badpages; i++) { > > + unsigned int page_nr = swap_header->info.badpages[i]; > > + > > + if (page_nr >= maxpages) > > + continue; > > + inc_cluster_info_page(si, cluster_info, page_nr); > > I think we might need a pr_err or pr_warn here, this means mkswap > marked the wrong region as a bad block? Or some fs side things went > wrong. There's already a warning in read_swap_header(): static unsigned long read_swap_header(struct swap_info_struct *si, union swap_header *swap_header, struct inode *inode) { ...... if (last_page > maxpages) { pr_warn("Truncating oversized swap area, only using %luk out of %luk\n", K(maxpages), K(last_page)); } ... } And if we add pr_err|warn here, we also need to add it in setup_swap_map() when filling swap_map. > > > > + } > > for (i = maxpages; i < round_up(maxpages, SWAPFILE_CLUSTER); i++) > > inc_cluster_info_page(si, cluster_info, i); > > > > -- > > 2.30.0 > > > > >
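Review bot: the new `if (page_nr >= maxpages) continue;` check in the badpages loop of setup_clusters() drops entries silently and carries no comment, so a reader of the code alone cannot tell why a badpage that passed validation can still be out of range here. Extending the block comment above the loop (the one ending "and the EOF part of the last cluster") with a sentence that setup_swap_map() only bounds badpages by last_page, while maxpages may be smaller, would document the invariant this check enforces. If a diagnostic is added as discussed in the thread, it should go in both places that walk badpages so the swap_map and cluster_info accounting skip the same entries, and it should be emitted once rather than per skipped entry.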