[PATCH OLK-5.10 0/2] zs_malloc: return ERR_PTR on failure

List overview All Threads
Download

newer

older

[PATCH openEuler-1.0-LTS] fuse:...

[PATCH v2 openEuler-23.09 0/2]...

Jinjiang Tu

31 Aug 2023 31 Aug '23

10:12 p.m.

1. zs_malloc() returns error code instead of 0 when error happens. 2. check parameter handle in zs_free().

Hui Zhu (1): zsmalloc: zs_malloc: return ERR_PTR on failure

Sergey Senozhatsky (1): mm/zsmalloc: do not attempt to free IS_ERR handle

drivers/block/zram/zram_drv.c | 10 +++++----- mm/zsmalloc.c | 15 +++++++++------ 2 files changed, 14 insertions(+), 11 deletions(-)

-- 2.25.1

Show replies by date

patchwork bot

31 Aug 31 Aug

9:26 p.m.

反馈：您发送到kernel@openeuler.org的补丁/补丁集，已成功转换为PR！ PR链接地址： https://gitee.com/openeuler/kernel/pulls/1954 邮件列表地址：https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/F...

FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/1954 Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/F...

Jinjiang Tu

10:12 p.m.

New subject: [PATCH OLK-5.10 1/2] zsmalloc: zs_malloc: return ERR_PTR on failure

From: Hui Zhu teawater@antgroup.com

mainline inclusion from mainline-v6.0-rc1 commit c7e6f17b52e9486a9d997368819dfec032b550e2 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7TWVA CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...

-------------------------------------------

zs_malloc returns 0 if it fails. zs_zpool_malloc will return -1 when zs_malloc return 0. But -1 makes the return value unclear.

For example, when zswap_frontswap_store calls zs_malloc through zs_zpool_malloc, it will return -1 to its caller. The other return value is -EINVAL, -ENODEV or something else.

This commit changes zs_malloc to return ERR_PTR on failure. It didn't just let zs_zpool_malloc return -ENOMEM becaue zs_malloc has two types of failure:

- size is not OK return -EINVAL - memory alloc fail return -ENOMEM.

Link: https://lkml.kernel.org/r/20220714080757.12161-1-teawater@gmail.com Signed-off-by: Hui Zhu teawater@antgroup.com Cc: Minchan Kim minchan@kernel.org Cc: Nitin Gupta ngupta@vflare.org Cc: Sergey Senozhatsky senozhatsky@chromium.org Cc: Jens Axboe axboe@kernel.dk Signed-off-by: Andrew Morton akpm@linux-foundation.org

Conflicts: drivers/block/zram/zram_drv.c

Signed-off-by: Jinjiang Tu tujinjiang@huawei.com --- drivers/block/zram/zram_drv.c | 10 +++++----- mm/zsmalloc.c | 13 ++++++++----- 2 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index 7e706e3eab8d..24a5f892d64d 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -1488,7 +1488,7 @@ static int __zram_bvec_write(struct zram *zram, struct bio_vec *bvec, { int ret = 0; unsigned long alloced_pages; - unsigned long handle = 0; + unsigned long handle = -ENOMEM; unsigned int comp_len = 0; void *src, *dst, *mem; struct zcomp_strm *zstrm; @@ -1534,21 +1534,21 @@ static int __zram_bvec_write(struct zram *zram, struct bio_vec *bvec, * if we have a 'non-null' handle here then we are coming * from the slow path and handle has already been allocated. */ - if (!handle) + if (IS_ERR((void *)handle)) handle = zs_malloc(zram->mem_pool, comp_len, __GFP_KSWAPD_RECLAIM | __GFP_NOWARN | __GFP_HIGHMEM | __GFP_MOVABLE); - if (!handle) { + if (IS_ERR((void *)handle)) { zcomp_stream_put(zram->comps[ZRAM_PRIMARY_COMP]); atomic64_inc(&zram->stats.writestall); handle = zs_malloc(zram->mem_pool, comp_len, GFP_NOIO | __GFP_HIGHMEM | __GFP_MOVABLE); - if (handle) + if (!IS_ERR((void *)handle)) goto compress_again; - return -ENOMEM; + return PTR_ERR((void *)handle); }

alloced_pages = zs_get_total_pages(zram->mem_pool); diff --git a/mm/zsmalloc.c b/mm/zsmalloc.c index 45e52abc8ad1..540af37bea02 100644 --- a/mm/zsmalloc.c +++ b/mm/zsmalloc.c @@ -401,7 +401,10 @@ static int zs_zpool_malloc(void *pool, size_t size, gfp_t gfp, unsigned long *handle) { *handle = zs_malloc(pool, size, gfp); - return *handle ? 0 : -1; + + if (IS_ERR((void *)(*handle))) + return PTR_ERR((void *)*handle); + return 0; } static void zs_zpool_free(void *pool, unsigned long handle) { @@ -1428,7 +1431,7 @@ static unsigned long obj_malloc(struct size_class *class, * @gfp: gfp flags when allocating object * * On success, handle to the allocated object is returned, - * otherwise 0. + * otherwise an ERR_PTR(). * Allocation requests with size > ZS_MAX_ALLOC_SIZE will fail. */ unsigned long zs_malloc(struct zs_pool *pool, size_t size, gfp_t gfp) @@ -1439,11 +1442,11 @@ unsigned long zs_malloc(struct zs_pool *pool, size_t size, gfp_t gfp) struct zspage *zspage;

if (unlikely(!size || size > ZS_MAX_ALLOC_SIZE)) - return 0; + return (unsigned long)ERR_PTR(-EINVAL);

handle = cache_alloc_handle(pool, gfp); if (!handle) - return 0; + return (unsigned long)ERR_PTR(-ENOMEM);

/* extra space in chunk to keep the handle */ size += ZS_HANDLE_SIZE; @@ -1466,7 +1469,7 @@ unsigned long zs_malloc(struct zs_pool *pool, size_t size, gfp_t gfp) zspage = alloc_zspage(pool, class, gfp); if (!zspage) { cache_free_handle(pool, handle); - return 0; + return (unsigned long)ERR_PTR(-ENOMEM); }

spin_lock(&class->lock);

-- 2.25.1

Jinjiang Tu

10:12 p.m.

New subject: [PATCH OLK-5.10 2/2] mm/zsmalloc: do not attempt to free IS_ERR handle

From: Sergey Senozhatsky senozhatsky@chromium.org

mainline inclusion from mainline-v6.0-rc3 commit a5d2172180e8f94a8cfc7a7fa0243035629bf8d0 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I7TWVA CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...

-------------------------------------------

zsmalloc() now returns ERR_PTR values as handles, which zram accidentally can pass to zs_free(). Another bad scenario is when zcomp_compress() fails - handle has default -ENOMEM value, and zs_free() will try to free that "pointer value".

Add the missing check and make sure that zs_free() bails out when ERR_PTR() is passed to it.

Link: https://lkml.kernel.org/r/20220816050906.2583956-1-senozhatsky@chromium.org Fixes: c7e6f17b52e9 ("zsmalloc: zs_malloc: return ERR_PTR on failure") Signed-off-by: Sergey Senozhatsky senozhatsky@chromium.org Cc: Minchan Kim minchan@kernel.org Cc: Nitin Gupta ngupta@vflare.org, Signed-off-by: Andrew Morton akpm@linux-foundation.org Signed-off-by: Jinjiang Tu tujinjiang@huawei.com --- mm/zsmalloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/zsmalloc.c b/mm/zsmalloc.c index 540af37bea02..6079f5625abb 100644 --- a/mm/zsmalloc.c +++ b/mm/zsmalloc.c @@ -1526,7 +1526,7 @@ void zs_free(struct zs_pool *pool, unsigned long handle) enum fullness_group fullness; bool isolated;

- if (unlikely(!handle)) + if (IS_ERR_OR_NULL((void *)handle)) return;

pin_tag(handle);

-- 2.25.1

449

Age (days ago)

449

Last active (days ago)

kernel@openeuler.org

3 comments

2 participants

tags (0)

participants (2)

Jinjiang Tu
patchwork bot