Re: [PATCH] zsmalloc: zero-initialize zspage memory to prevent KMSAN uninit reads
From: Herbert Xu
Date: Wed May 13 2026 - 01:45:14 EST
On Wed, May 13, 2026 at 11:47:41AM +0900, Sergey Senozhatsky wrote:
> Adding Yosry and Herbert,
>
> On (26/05/12 14:47), Andrew Morton wrote:
> > > Pages allocated via alloc_zpdesc() use alloc_pages_node() without
> > > __GFP_ZERO, leaving physical memory uninitialized. When a compressed
> > > object spans two physical pages in a zspage, zs_obj_read_sg_begin()
> > > sets up a scatterlist pointing directly at the raw second page. If the
> > > second page was freshly allocated and never written beyond the object
> > > boundary, KMSAN detects reads of uninitialized memory downstream in
> > > the decompressor (e.g. sw842_decompress reading the CRC trailer).
>
> I don't get this. How can sw842_decompress() read more bytes than
> it's told to decompress? We first compress and store the object
> before we load and decompress; reading past the known compressed
> object size (which we pass to the decompress function) should not happen.
> Yosry, Herbert, any ideas?
It sounds like a bug in 842. I'll look into it.
Thanks for the pointer.
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
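The situation the quoted patch description and Sergey's question turn on, as an added example that is not part of this thread and is not zsmalloc or 842 code: a compressed object stored across two pages, read back through a two-segment view, with a decompressor that expects a trailer after the payload. The toy page size (16 bytes), the object framing and checksum, and every name below (view_read, toy_compress, toy_decompress, setup, run_full_object, run_truncated) are assumptions made for the example. The second page is filled with a poison pattern to stand in for memory that was never written, which is what KMSAN would report as uninitialized in the kernel.

```c
/* Toy model of the case discussed above: a compressed object straddling two
 * pages of a zspage and a decompressor that reads a CRC-style trailer.  All
 * names, sizes and the framing are assumptions, not zsmalloc or 842 code. */
#include <stdint.h>
#include <string.h>

#define TOY_PAGE_SZ 16   /* assumed toy page size; real pages are 4096 */
#define POISON      0xAA /* stands in for memory the compressor never wrote */
#define TRAILER_SZ  4
#define OBJ_OFF     10   /* where the object starts inside page0 */
#define LE32(p) ((uint32_t)(p)[0] | (uint32_t)(p)[1] << 8 | \
		 (uint32_t)(p)[2] << 16 | (uint32_t)(p)[3] << 24)

/* Two-segment view of one object, like a 2-entry scatterlist. */
struct obj_view {
	const uint8_t *seg[2];
	size_t seg_len[2]; /* bytes of the object living in each page */
	size_t pos;        /* current read offset within the object */
	size_t in_len;     /* compressed length handed to the decompressor */
};

/* Bounded read: never advances past in_len.  0 on success, -1 on short input. */
static int view_read(struct obj_view *v, uint8_t *out, size_t n)
{
	if (n > v->in_len - v->pos)
		return -1;
	for (size_t i = 0; i < n; i++, v->pos++) {
		size_t s = v->pos >= v->seg_len[0]; /* which page holds this byte */
		out[i] = v->seg[s][v->pos - (s ? v->seg_len[0] : 0)];
	}
	return 0;
}

static uint32_t toy_sum(const uint8_t *p, size_t n)
{
	uint32_t s = 0;
	while (n--) s = s * 31 + *p++;
	return s;
}

/* Toy framing: [len:1][payload:len][sum32 LE:4]; returns the object size. */
static size_t toy_compress(const uint8_t *in, size_t n, uint8_t *obj)
{
	uint32_t s = toy_sum(in, n);
	obj[0] = (uint8_t)n;
	memcpy(obj + 1, in, n);
	for (size_t i = 0; i < TRAILER_SZ; i++)
		obj[1 + n + i] = (uint8_t)(s >> (8 * i));
	return 1 + n + TRAILER_SZ;
}

/* Payload length, -1 if in_len ends before the trailer, -2 on bad checksum. */
static int toy_decompress(struct obj_view *v, uint8_t *out)
{
	uint8_t len, t[TRAILER_SZ];
	if (view_read(v, &len, 1) || view_read(v, out, len) ||
	    view_read(v, t, TRAILER_SZ))
		return -1;
	return LE32(t) == toy_sum(out, len) ? (int)len : -2;
}

static const uint8_t MSG[] = "zspage straddle"; /* constructed sample, 15 bytes */
/* Compresses MSG and stores its first `stored` bytes at OBJ_OFF in page0 so
 * the rest spills into page1 (poisoned first); in_len is set to `stored`. */
static int setup(uint8_t *page0, uint8_t *page1, size_t stored, struct obj_view *v)
{
	uint8_t obj[64];
	size_t n = toy_compress(MSG, sizeof MSG - 1, obj), first = TOY_PAGE_SZ - OBJ_OFF;
	if (stored > n || stored <= first || stored - first > TOY_PAGE_SZ)
		return -1; /* the model only covers the straddling case */
	memset(page1, POISON, TOY_PAGE_SZ);
	memcpy(page0 + OBJ_OFF, obj, first);
	memcpy(page1, obj + first, stored - first);
	*v = (struct obj_view){ { page0 + OBJ_OFF, page1 }, { first, stored - first }, 0, stored };
	return 0;
}

/* Whole object stored and in_len covers the trailer: decompression succeeds. */
static int run_full_object(void)
{
	uint8_t p0[TOY_PAGE_SZ], p1[TOY_PAGE_SZ], out[64];
	struct obj_view v;
	return setup(p0, p1, 1 + (sizeof MSG - 1) + TRAILER_SZ, &v) ? -99
							      : toy_decompress(&v, out);
}

struct trunc_result { int bounded; uint32_t raw_trailer; };
/* Object boundary and in_len stop before the trailer.  The bounded reader
 * reports short input; fetching the trailer straight from page1 instead returns
 * whatever the page held (poison here; uninitialised bytes in the kernel). */
static struct trunc_result run_truncated(void)
{
	uint8_t p0[TOY_PAGE_SZ], p1[TOY_PAGE_SZ], out[64];
	struct obj_view v;
	struct trunc_result r = { -99, 0 };
	if (setup(p0, p1, 1 + (sizeof MSG - 1), &v))
		return r;
	r.bounded = toy_decompress(&v, out);
	r.raw_trailer = LE32(p1 + v.in_len - v.seg_len[0]); /* where the trailer would start */
	return r;
}
```

run_full_object() returns the 15-byte payload length because the stored size and in_len both include the trailer. run_truncated() shows the two behaviours side by side for an object whose recorded boundary ends before the trailer: a decompressor that routes every access through the length-checked view fails cleanly with -1, while a direct read at the trailer's offset in the second page comes back as the poison pattern, i.e. bytes nobody initialised. Which of the two the real decompressor does, and whether the stored length is the one the compressor reported, is exactly the question raised in the thread; zeroing the pages hides the symptom but does not settle it.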