On 2023/12/28 07:21, Nhat Pham wrote:
> On Wed, Dec 27, 2023 at 12:58 PM Andrew Morton
> <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
>>
>> On Wed, 27 Dec 2023 14:11:06 +0800 Chengming Zhou <zhouchengming@xxxxxxxxxxxxx> wrote:
>>
>>>> I remember there was an over-compression case, which means the compressed
>>>> data can be bigger than the source data. A similar thing is also done in zram,
>>>> drivers/block/zram/zcomp.c
>>>
>>> Right, there is a buffer overflow report[1] that I just +to you.
>>
>> What does "[1]" refer to? Is there a bug report about this series?
>
> I think Chengming was referring to this:
>
> https://lore.kernel.org/lkml/0000000000000b05cd060d6b5511@xxxxxxxxxx/
>
> Syzkaller/syzbot found an edge case where the page's "compressed" form
> was larger than one page, which tripped up the compression code (since
> we reduced the compression buffer size to 1 page here).

Right, thanks Nhat!

The reported bug can be fixed by a patch I posted:
https://lore.kernel.org/all/20231227093523.2735484-1-chengming.zhou@xxxxxxxxx/

Although this bug is fixed, we still have to revert the first patch to use a 2-page buffer in zswap, since not all compressor drivers would respect the buffer size we passed in and may overflow our output buffer.

Barry Song has explained the background in:
https://lore.kernel.org/all/CAGsJ_4xuuaPnQzkkQVaRyZL6ZdwkiQ_B7_c2baNaCKVg_O7ZQA@xxxxxxxxxxxxxx/

I will send an updated series later.

Thanks!
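Added example, not part of the thread or of the zswap/zram sources: a small Python model of the store path being discussed, with zlib standing in for the kernel compressor driver. It shows that an incompressible page produces output larger than PAGE_SIZE, so a 1-page destination buffer would be overrun by a driver that ignores the passed-in size, while a 2-page buffer leaves room to detect the case and store the page raw. PAGE_SIZE, store_page and the two sample pages are assumptions constructed for this example.

```python
import random
import zlib

PAGE_SIZE = 4096  # assumed page size for this model


def store_page(page: bytes, dst_buf_pages: int) -> dict:
    """Model one zswap store of a single page into a bounded output buffer.

    Returns how the page would be stored and the compressed length, or
    "OVERFLOW" when the compressor output would not fit in dst_buf_pages.
    """
    assert len(page) == PAGE_SIZE
    dst_buf_size = dst_buf_pages * PAGE_SIZE
    # A real driver writes straight into the caller's buffer; here we
    # compress first and then compare against the buffer size we "passed in".
    out = zlib.compress(page, 9)
    if len(out) > dst_buf_size:
        # A driver that does not respect dst_buf_size would have written
        # past the end of the buffer at this point.
        return {"stored_as": "OVERFLOW", "compressed_len": len(out)}
    if len(out) >= PAGE_SIZE:
        # Not worth compressing: keep the raw page (zram takes the same path).
        return {"stored_as": "raw", "compressed_len": len(out)}
    return {"stored_as": "compressed", "compressed_len": len(out)}


# Constructed sample pages: a highly repetitive one and a pseudo-random one.
COMPRESSIBLE_PAGE = (b"zswap " * 1000)[:PAGE_SIZE]
_rng = random.Random(1234)
INCOMPRESSIBLE_PAGE = bytes(_rng.getrandbits(8) for _ in range(PAGE_SIZE))

if __name__ == "__main__":
    for name, page in (("compressible", COMPRESSIBLE_PAGE),
                       ("incompressible", INCOMPRESSIBLE_PAGE)):
        for pages in (1, 2):
            print(name, "dst buffer =", pages, "page(s):", store_page(page, pages))
```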