[PATCH 04/20] mm: zswap: warn when referencing a dead entry

Johannes Weiner posted 20 patches 1 year, 10 months ago
[PATCH 04/20] mm: zswap: warn when referencing a dead entry
Posted by Johannes Weiner 1 year, 10 months ago
Put a standard sanity check on zswap_entry_get() for UAF scenario.

Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
---
 mm/zswap.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/mm/zswap.c b/mm/zswap.c
index 9f05282efe3c..0c6adaf2fdb6 100644
--- a/mm/zswap.c
+++ b/mm/zswap.c
@@ -542,6 +542,7 @@ static void zswap_entry_free(struct zswap_entry *entry)
 /* caller must hold the tree lock */
 static void zswap_entry_get(struct zswap_entry *entry)
 {
+	WARN_ON_ONCE(!entry->refcount);
 	entry->refcount++;
 }
 
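Review bot: in zswap_entry_get() the new WARN_ON_ONCE(!entry->refcount) reports the dead entry, but the next line still runs entry->refcount++, so an entry whose count had already dropped to zero goes back to one and is handed to the caller as if it were live. If the check is meant as a diagnostic only, the commit message should say so; otherwise consider letting the function return a status so callers can back off when the warning fires.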
-- 
2.43.0

Re: [PATCH 04/20] mm: zswap: warn when referencing a dead entry
Posted by Nhat Pham 1 year, 10 months ago
On Mon, Jan 29, 2024 at 5:42 PM Johannes Weiner <hannes@cmpxchg.org> wrote:
>
> Put a standard sanity check on zswap_entry_get() for UAF scenario.
>
> Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
> ---
>  mm/zswap.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/mm/zswap.c b/mm/zswap.c
> index 9f05282efe3c..0c6adaf2fdb6 100644
> --- a/mm/zswap.c
> +++ b/mm/zswap.c
> @@ -542,6 +542,7 @@ static void zswap_entry_free(struct zswap_entry *entry)
>  /* caller must hold the tree lock */
>  static void zswap_entry_get(struct zswap_entry *entry)
>  {
> +       WARN_ON_ONCE(!entry->refcount);
>         entry->refcount++;
>  }
>
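Review bot: the condition !entry->refcount reads the very entry that is suspected to be dead, so it fires only while that field still reads zero. Once the object has been freed and its memory reused, the field can hold any value and the get proceeds without a warning. The commit message could state that limit so the check is not read as full use-after-free coverage. WARN_ON_ONCE also reports only the first hit, so later bad references in the same boot are not logged.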
> --
> 2.43.0
>

Reviewed-by: Nhat Pham <nphamcs@gmail.com>

Re: [PATCH 04/20] mm: zswap: warn when referencing a dead entry
Posted by Yosry Ahmed 1 year, 10 months ago
On Mon, Jan 29, 2024 at 08:36:40PM -0500, Johannes Weiner wrote:
> Put a standard sanity check on zswap_entry_get() for UAF scenario.
> 
> Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>

Acked-by: Yosry Ahmed <yosryahmed@google.com>

Re: [External] [PATCH 04/20] mm: zswap: warn when referencing a dead entry
Posted by Chengming Zhou 1 year, 10 months ago
On 2024/1/30 09:36, Johannes Weiner wrote:
> Put a standard sanity check on zswap_entry_get() for UAF scenario.
> 
> Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>

Reviewed-by: Chengming Zhou <zhouchengming@bytedance.com>

> ---
>  mm/zswap.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/mm/zswap.c b/mm/zswap.c
> index 9f05282efe3c..0c6adaf2fdb6 100644
> --- a/mm/zswap.c
> +++ b/mm/zswap.c
> @@ -542,6 +542,7 @@ static void zswap_entry_free(struct zswap_entry *entry)
>  /* caller must hold the tree lock */
>  static void zswap_entry_get(struct zswap_entry *entry)
>  {
> +	WARN_ON_ONCE(!entry->refcount);
>  	entry->refcount++;
>  }
>
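Review bot: the rule in the comment above zswap_entry_get(), "caller must hold the tree lock", is not checked anywhere in the function, and the new warning is only meaningful if that rule holds, since an unlocked caller could race between the read of entry->refcount and the increment. A lockdep assertion next to the WARN_ON_ONCE would let the kernel check the locking rule along with the refcount.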