git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Sergey Senozhatsky <senozhatsky@chromium.org>
	Tue, 26 May 2026 02:27:17 +0000 (11:27 +0900)
committer	Andrew Morton <akpm@linux-foundation.org>
	Thu, 4 Jun 2026 21:45:07 +0000 (14:45 -0700)
commit	3bf1c285dc406067eae5b3a7072afad81ad4a4fc
tree	1ef07d8a694e7354e170f09073209bc9e1c5eb15	tree \| snapshot
parent	3e8d8eb8d7f5b1ec3993ad4dbb8140a55f789f90	commit \| diff

zram: clear trailing bytes of compressed writeback pages

Patch series "zram: writeback fixes", v2.

Brian (privately) reported a "leak" of writeback bitmap in certain cases,
so that backing device can store less pages; and a theoretical data leak
in the trailing bytes of compressed writeback pages.  Both issues are low
risk.

This patch (of 2):

When compressed writeback is available writtenback pages contain "garbage"
in PAGE_SIZE - obj_size trailing bytes.  That "garbage" is, basically,
whatever data that page held before we got it for writeback.  To get
advantage of it an attacker needs to be able to read from active backing
swap device, which is already catastrophic.  Still, just in case, zero out
those trailing bytes before writeback to a backing device so that we only
store swap-ed out data there.

Link: https://lore.kernel.org/20260526022754.2377730-1-senozhatsky@chromium.org
Link: https://lore.kernel.org/20260526022754.2377730-3-senozhatsky@chromium.org
Fixes: d38fab605c66 ("zram: introduce compressed data writeback")
Signed-off-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Suggested-by: Brian Geffon <bgeffon@google.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Richard Chang <richardycc@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>