Re: [PATCH v2] zswap: do not crash the kernel on decompression failure

From: Yosry Ahmed
Date: Thu Feb 27 2025 - 00:44:48 EST


On Wed, Feb 26, 2025 at 11:31:41PM -0500, Johannes Weiner wrote:
> On Thu, Feb 27, 2025 at 01:19:31AM +0000, Yosry Ahmed wrote:
> > On Wed, Feb 26, 2025 at 04:14:45PM -0800, Nhat Pham wrote:
> > > if (WARN_ON_ONCE(folio_test_large(folio)))
> > > return true;
> > >
> > > + entry = xa_load(tree, offset);
> > > + if (!entry)
> > > + return false;
> > > +
> >
> > A small comment here pointing out that we are deliberately not setting
> > uptodate because of the failure may make things more obvious, or do you
> > think that's not needed?
> >
> > > + if (!zswap_decompress(entry, folio))
> > > + return true;
>
> How about an actual -ev and have this in swap_read_folio():

Good idea, I was going to suggest an enum but this is simpler.

>
>	ret = zswap_load(folio);
>	if (ret != -ENOENT) {
>		folio_unlock(folio);
>		goto finish;
>	}
>
> read from swapfile...
>
> Then in zswap_load(), move uptodate further up like this (I had
> previously suggested this):
>
>	if (!zswap_decompress(entry, folio))
>		return -EIO;
>
>	folio_mark_uptodate(folio);
>
> and I think it would be clear, even without or just minimal comments.

Another possibility is moving folio_mark_uptodate() back to
swap_read_folio(), which should make things even clearer imo as the
success/failure logic is all in one place:

	ret = zswap_load(folio);
	if (ret != -ENOENT) {
		folio_unlock(folio);
		/* Comment about not marking uptodate */
		if (!ret)
			folio_mark_uptodate(folio);
		goto finish;
	}

or we can make it crystal clear we have 3 distinct cases:

	ret = zswap_load(folio);
	if (!ret) {
		folio_unlock(folio);
		folio_mark_uptodate(folio);
		goto finish;
	} else if (ret != -ENOENT) {
		/* Comment about not marking uptodate */
		folio_unlock(folio);
		goto finish;
	}

WDYT?
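To make the three-outcome contract discussed above concrete, here is a userspace C model of the proposed flow. It is an added example, not code from the patch, from zswap, or from anyone in this thread: `zswap_load_sim()` returns 0, -ENOENT or -EIO as Johannes suggested, and `swap_read_folio_sim()` uses the three-case layout from the message above, so uptodate is set in exactly one place. The folio, the tree, the checksum-based `fake_decompress()` and the fill-pattern "swapfile" are all constructed stand-ins; real zswap decides failure from the compressor's return value, not from a checksum.

```c
#include <assert.h>
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_BYTES 64	/* toy page size standing in for PAGE_SIZE */
#define NR_SLOTS   4	/* toy swap offsets */

/* Only the folio state this thread is about. */
struct folio {
	unsigned char data[PAGE_BYTES];
	bool uptodate;
	bool locked;
};

/* Constructed stand-in for a zswap entry: payload plus a checksum so a
 * corrupt entry can be detected. Real zswap has no such field. */
struct zswap_entry {
	unsigned char payload[PAGE_BYTES];
	uint32_t crc;
};

static struct zswap_entry *tree[NR_SLOTS];	/* stand-in for the xarray */
static struct zswap_entry good_entry, corrupt_entry;
static int swapfile_reads;			/* fallbacks to the device */

/* FNV-1a; used only to decide whether fake_decompress() "fails". */
static uint32_t fnv1a(const unsigned char *p, size_t n)
{
	uint32_t h = 2166136261u;
	while (n--)
		h = (h ^ *p++) * 16777619u;
	return h;
}

/* Models zswap_decompress(): false means the page could not be recovered. */
static bool fake_decompress(const struct zswap_entry *e, struct folio *folio)
{
	if (fnv1a(e->payload, PAGE_BYTES) != e->crc)
		return false;
	memcpy(folio->data, e->payload, PAGE_BYTES);
	return true;
}

/* Proposed contract: 0 loaded, -ENOENT not in zswap, -EIO present but
 * undecodable. Marking uptodate is left to the caller. */
static int zswap_load_sim(struct folio *folio, unsigned offset)
{
	struct zswap_entry *entry;

	if (offset >= NR_SLOTS)
		return -ENOENT;
	entry = tree[offset];
	if (!entry)
		return -ENOENT;
	if (!fake_decompress(entry, folio))
		return -EIO;
	return 0;
}

/* Caller modelled on swap_read_folio() with the three-case layout. */
static int swap_read_folio_sim(struct folio *folio, unsigned offset)
{
	int ret;

	folio->locked = true;
	ret = zswap_load_sim(folio, offset);
	if (!ret) {
		folio->uptodate = true;		/* the only success path */
		folio->locked = false;
		return 0;
	} else if (ret != -ENOENT) {
		/* Present in zswap but undecodable: unlock without marking
		 * uptodate so the fault sees an error rather than garbage,
		 * and do not fall through to the swapfile, whose contents
		 * are not this page's data. */
		folio->locked = false;
		return ret;
	}
	/* Not in zswap: read from the swap device (stubbed fill pattern). */
	swapfile_reads++;
	memset(folio->data, 0xAA, PAGE_BYTES);
	folio->uptodate = true;
	folio->locked = false;
	return 0;
}

/* Toy tree: slot 0 valid, slot 1 corrupt, slots 2 and 3 empty. */
static void setup_tree(void)
{
	memset(tree, 0, sizeof tree);
	swapfile_reads = 0;
	memset(good_entry.payload, 0x5A, PAGE_BYTES);
	good_entry.crc = fnv1a(good_entry.payload, PAGE_BYTES);
	corrupt_entry = good_entry;
	corrupt_entry.payload[7] ^= 0xFF;	/* flip bits after checksumming */
	tree[0] = &good_entry;
	tree[1] = &corrupt_entry;
}

/* Fault one offset into a fresh folio; report ret and the uptodate state. */
static int fault_in(unsigned offset, bool *uptodate)
{
	struct folio folio;
	int ret;

	memset(&folio, 0, sizeof folio);
	ret = swap_read_folio_sim(&folio, offset);
	*uptodate = folio.uptodate;
	assert(!folio.locked);	/* every path must drop the lock */
	return ret;
}

static int get_swapfile_reads(void) { return swapfile_reads; }

int main(void)
{
	bool up;

	setup_tree();
	for (unsigned i = 0; i < 3; i++) {
		int ret = fault_in(i, &up);
		printf("offset %u: ret=%d uptodate=%d\n", i, ret, up);
	}
	printf("swapfile reads: %d\n", get_swapfile_reads());
	return 0;
}
```

The point the model makes visible is that only -ENOENT reaches the swapfile read; -EIO unlocks and returns with the folio still !uptodate, which is the behaviour the patch wants instead of a crash.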