From: Johannes Weiner <hannes@cmpxchg.org>
To: Yosry Ahmed <yosry.ahmed@linux.dev>
Cc: Nhat Pham <nphamcs@gmail.com>,
akpm@linux-foundation.org, chengming.zhou@linux.dev,
linux-mm@kvack.org, kernel-team@meta.com,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] zswap: do not crash the kernel on decompression failure
Date: Tue, 25 Feb 2025 22:57:30 -0500 [thread overview]
Message-ID: <20250226035730.GA1775487@cmpxchg.org> (raw)
In-Reply-To: <Z76AVZ_tjq2NvmLT@google.com>
On Wed, Feb 26, 2025 at 02:45:41AM +0000, Yosry Ahmed wrote:
> On Tue, Feb 25, 2025 at 07:51:49PM -0500, Johannes Weiner wrote:
> > On Tue, Feb 25, 2025 at 01:32:00PM -0800, Nhat Pham wrote:
> > > + }
> > > mutex_unlock(&acomp_ctx->mutex);
> > >
> > > if (src != acomp_ctx->buffer)
> > > zpool_unmap_handle(zpool, entry->handle);
> > > + return ret;
> > > }
> > >
> > > /*********************************
> > > @@ -1018,6 +1028,7 @@ static int zswap_writeback_entry(struct zswap_entry *entry,
> > > struct writeback_control wbc = {
> > > .sync_mode = WB_SYNC_NONE,
> > > };
> > > + int ret = 0;
> > >
> > > /* try to allocate swap cache folio */
> > > mpol = get_task_policy(current);
> > > @@ -1034,8 +1045,8 @@ static int zswap_writeback_entry(struct zswap_entry *entry,
> > > * and freed when invalidated by the concurrent shrinker anyway.
> > > */
> > > if (!folio_was_allocated) {
> > > - folio_put(folio);
> > > - return -EEXIST;
> > > + ret = -EEXIST;
> > > + goto put_folio;
> > > }
> > >
> > > /*
> > > @@ -1048,14 +1059,17 @@ static int zswap_writeback_entry(struct zswap_entry *entry,
> > > * be dereferenced.
> > > */
> > > tree = swap_zswap_tree(swpentry);
> > > - if (entry != xa_cmpxchg(tree, offset, entry, NULL, GFP_KERNEL)) {
> > > - delete_from_swap_cache(folio);
> > > - folio_unlock(folio);
> > > - folio_put(folio);
> > > - return -ENOMEM;
> > > + if (entry != xa_load(tree, offset)) {
> > > + ret = -ENOMEM;
> > > + goto fail;
> > > }
> > >
> > > - zswap_decompress(entry, folio);
> > > + if (!zswap_decompress(entry, folio)) {
> > > + ret = -EIO;
> > > + goto fail;
> > > + }
> > > +
> > > + xa_erase(tree, offset);
> > >
> > > count_vm_event(ZSWPWB);
> > > if (entry->objcg)
> > > @@ -1071,9 +1085,14 @@ static int zswap_writeback_entry(struct zswap_entry *entry,
> > >
> > > /* start writeback */
> > > __swap_writepage(folio, &wbc);
> > > - folio_put(folio);
> > > + goto put_folio;
> > >
> > > - return 0;
> > > +fail:
> > > + delete_from_swap_cache(folio);
> > > + folio_unlock(folio);
> > > +put_folio:
> > > + folio_put(folio);
> > > + return ret;
> > > }
> >
> > Nice, yeah it's time for factoring out the error unwinding. If you
> > write it like this, you can save a jump in the main sequence:
> >
> > __swap_writepage(folio, &wbc);
> > ret = 0;
> > put:
> > folio_put(folio);
> > return ret;
> > delete_unlock:
>
> (I like how you sneaked the label rename in here, I didn't like 'fail'
> either :P)
>
> > delete_from_swap_cache(folio);
> > folio_unlock(folio);
> > goto put;
>
> I would go even further and avoid gotos completely (and make it super
> clear what gets executed in the normal path vs the failure path):
>
> __swap_writepage(folio, &wbc);
> folio_put(folio);
> if (ret) {
> delete_from_swap_cache(folio);
> folio_unlock(folio);
> }
> return ret;
The !folio_was_allocated case only needs the put. I guess that could
stay open-coded.
And I think you still need one goto for the other two error legs to
jump past the __swap_writepage.
> > Something like this?
> >
> > if (!zswap_decompress(entry, folio)) {
> > /*
> > * The zswap_load() return value doesn't indicate success or
> > * failure, but whether zswap owns the swapped out contents.
> > * This MUST return true here, otherwise swap_readpage() will
> > * read garbage from the backend.
> > *
> > * Success is signaled by marking the folio uptodate.
> > */
>
> We use the same trick in the folio_test_large() branch, so maybe this
> should be moved to above the function definition. Then we can perhaps
> refer to it in places where we return true wihout setting uptodate for
> added clarity if needed.
That makes sense to me. Nhat, what do you think?
next prev parent reply other threads:[~2025-02-26 3:57 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-25 21:32 [PATCH] zswap: do not crash the kernel on decompression failure Nhat Pham
2025-02-25 22:25 ` Andrew Morton
2025-02-25 22:28 ` Nhat Pham
2025-02-26 0:51 ` Johannes Weiner
2025-02-26 2:45 ` Yosry Ahmed
2025-02-26 3:57 ` Johannes Weiner [this message]
2025-02-26 15:42 ` Yosry Ahmed
2025-02-26 23:39 ` Nhat Pham
2025-02-26 2:40 ` Yosry Ahmed
2025-02-26 23:16 ` Nhat Pham
2025-02-27 0:03 ` Yosry Ahmed
2025-02-26 3:12 ` Yosry Ahmed
2025-02-26 4:57 ` Johannes Weiner
2025-02-26 15:33 ` Yosry Ahmed
2025-02-26 23:20 ` Nhat Pham
2025-02-27 0:00 ` Yosry Ahmed
2025-02-26 23:29 ` Nhat Pham
2025-02-26 23:58 ` Yosry Ahmed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250226035730.GA1775487@cmpxchg.org \
--to=hannes@cmpxchg.org \
--cc=akpm@linux-foundation.org \
--cc=chengming.zhou@linux.dev \
--cc=kernel-team@meta.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=nphamcs@gmail.com \
--cc=yosry.ahmed@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.