Re: [PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

Rafael Aquini writes: > On Thu, Oct 01, 2020 at 10:31:57AM -0400, Rafael Aquini wrote: >> On Fri, Sep 25, 2020 at 11:21:58AM +0800, Huang, Ying wrote: >> > Rafael Aquini writes: >> > >> Or, can you help to run the test with a debug kernel based on upstream >> > >> kernel. I can provide some

Re: [PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

On Thu, Oct 01, 2020 at 10:31:57AM -0400, Rafael Aquini wrote: > On Fri, Sep 25, 2020 at 11:21:58AM +0800, Huang, Ying wrote: > > Rafael Aquini writes: > > >> Or, can you help to run the test with a debug kernel based on upstream > > >> kernel. I can provide some debug patch. > > >> > > > > > >

Re: [PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

On Fri, Sep 25, 2020 at 11:21:58AM +0800, Huang, Ying wrote: > Rafael Aquini writes: > >> Or, can you help to run the test with a debug kernel based on upstream > >> kernel. I can provide some debug patch. > >> > > > > Sure, I can set your patches to run with the test cases we have that tend >

Re: [PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

Rafael Aquini writes: > On Fri, Sep 25, 2020 at 11:21:58AM +0800, Huang, Ying wrote: >> Rafael Aquini writes: >> >> Or, can you help to run the test with a debug kernel based on upstream >> >> kernel. I can provide some debug patch. >> >> >> > >> > Sure, I can set your patches to run with the

Re: [PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

On Fri, Sep 25, 2020 at 11:21:58AM +0800, Huang, Ying wrote: > Rafael Aquini writes: > >> Or, can you help to run the test with a debug kernel based on upstream > >> kernel. I can provide some debug patch. > >> > > > > Sure, I can set your patches to run with the test cases we have that tend >

Re: [PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

Rafael Aquini writes: >> Or, can you help to run the test with a debug kernel based on upstream >> kernel. I can provide some debug patch. >> > > Sure, I can set your patches to run with the test cases we have that tend to > reproduce the issue with some degree of success. Thanks! I found a

Re: [PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

On Fri, 25 Sep 2020 11:06:53 +0800 "Huang\, Ying" wrote: > >> UGH! I missed adding it to my cc list. Shall I just forward it, now, or > >> do you prefer a fresh repost? > > > > I added the cc:stable to my copy. > > Please don't merge this patch. This patch doesn't fix the bug, but hide > the

Re: [PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

Hi, Andrew, Andrew Morton writes: > On Wed, 23 Sep 2020 09:42:51 -0400 Rafael Aquini wrote: > >> On Tue, Sep 22, 2020 at 12:47:50PM -0700, Andrew Morton wrote: >> > On Tue, 22 Sep 2020 14:48:38 -0400 Rafael Aquini wrote: >> > >> > > The swap area descriptor only gets struct swap_cluster_info

Re: [PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

On Wed, 23 Sep 2020 09:42:51 -0400 Rafael Aquini wrote: > On Tue, Sep 22, 2020 at 12:47:50PM -0700, Andrew Morton wrote: > > On Tue, 22 Sep 2020 14:48:38 -0400 Rafael Aquini wrote: > > > > > The swap area descriptor only gets struct swap_cluster_info *cluster_info > > > allocated if the

Re: [PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

On Thu, Sep 24, 2020 at 03:45:52PM +0800, Huang, Ying wrote: > Rafael Aquini writes: > > > On Thu, Sep 24, 2020 at 11:51:17AM +0800, Huang, Ying wrote: > >> Rafael Aquini writes: > >> > The bug here is quite simple: split_swap_cluster() misses checking for > >> > lock_cluster() returning NULL

Re: [PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

Rafael Aquini writes: >> >> If there's a race, we should fix the race. But the code path for >> swapcache insertion is, >> >> add_to_swap() >> get_swap_page() /* Return if fails to allocate */ >> add_to_swap_cache() >> SetPageSwapCache() >> >> While the code path to split THP is, >>

Re: [PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

On Thu, Sep 24, 2020 at 11:51:17AM +0800, Huang, Ying wrote: > Rafael Aquini writes: > > The bug here is quite simple: split_swap_cluster() misses checking for > > lock_cluster() returning NULL before committing to change > > cluster_info->flags. > > I don't think so. We shouldn't run into

Re: [PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

Rafael Aquini writes: > The bug here is quite simple: split_swap_cluster() misses checking for > lock_cluster() returning NULL before committing to change cluster_info->flags. I don't think so. We shouldn't run into this situation firstly. So the "fix" hides the real bug instead of fixing it.

Re: [PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

On Thu, Sep 24, 2020 at 08:59:40AM +0800, Huang, Ying wrote: > Rafael Aquini writes: > > > On Wed, Sep 23, 2020 at 01:13:49PM +0800, Huang, Ying wrote: > >> Rafael Aquini writes: > >> > >> > On Wed, Sep 23, 2020 at 10:21:36AM +0800, Huang, Ying wrote: > >> >> Hi, Rafael, > >> >> > >> >>

Re: [PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

Rafael Aquini writes: > On Wed, Sep 23, 2020 at 01:13:49PM +0800, Huang, Ying wrote: >> Rafael Aquini writes: >> >> > On Wed, Sep 23, 2020 at 10:21:36AM +0800, Huang, Ying wrote: >> >> Hi, Rafael, >> >> >> >> Rafael Aquini writes: >> >> >> >> > The swap area descriptor only gets struct

Re: [PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

On Tue, Sep 22, 2020 at 12:47:50PM -0700, Andrew Morton wrote: > On Tue, 22 Sep 2020 14:48:38 -0400 Rafael Aquini wrote: > > > The swap area descriptor only gets struct swap_cluster_info *cluster_info > > allocated if the swapfile is backed by non-rotational storage. > > When the swap area is

Re: [PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

On Wed, Sep 23, 2020 at 01:13:49PM +0800, Huang, Ying wrote: > Rafael Aquini writes: > > > On Wed, Sep 23, 2020 at 10:21:36AM +0800, Huang, Ying wrote: > >> Hi, Rafael, > >> > >> Rafael Aquini writes: > >> > >> > The swap area descriptor only gets struct swap_cluster_info *cluster_info > >> >

Re: [PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

Rafael Aquini writes: > On Wed, Sep 23, 2020 at 10:21:36AM +0800, Huang, Ying wrote: >> Hi, Rafael, >> >> Rafael Aquini writes: >> >> > The swap area descriptor only gets struct swap_cluster_info *cluster_info >> > allocated if the swapfile is backed by non-rotational storage. >> > When the

Re: [PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

On Wed, Sep 23, 2020 at 10:21:36AM +0800, Huang, Ying wrote: > Hi, Rafael, > > Rafael Aquini writes: > > > The swap area descriptor only gets struct swap_cluster_info *cluster_info > > allocated if the swapfile is backed by non-rotational storage. > > When the swap area is laid on top of

Re: [PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

Hi, Rafael, Rafael Aquini writes: > The swap area descriptor only gets struct swap_cluster_info *cluster_info > allocated if the swapfile is backed by non-rotational storage. > When the swap area is laid on top of ordinary disk spindles, lock_cluster() > will naturally return NULL. Thanks for

Re: [PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

On Tue, 22 Sep 2020 14:48:38 -0400 Rafael Aquini wrote: > The swap area descriptor only gets struct swap_cluster_info *cluster_info > allocated if the swapfile is backed by non-rotational storage. > When the swap area is laid on top of ordinary disk spindles, lock_cluster() > will naturally

[PATCH] mm: swapfile: avoid split_swap_cluster() NULL pointer dereference

The swap area descriptor only gets struct swap_cluster_info *cluster_info allocated if the swapfile is backed by non-rotational storage. When the swap area is laid on top of ordinary disk spindles, lock_cluster() will naturally return NULL. CONFIG_THP_SWAP exposes cluster_info infrastructure to a