Linux Kernel Zswap Inconsistency Vulnerability

A vulnerability in the Linux kernel's zswap memory compression feature has been addressed. The issue arose because the function zswap_store_page() failed to properly charge zswap entries when it could not compress an entire large folio. This led to an inconsistency in zswap charging, causing warnings related to memory management. The problem was resolved by modifying zswap_store_page() to correctly increment the zswap stored pages counter and charge the entries when the operation succeeded, ensuring that the zswap_entry_free() function could properly manage the entries during the rollback process.

Impact

The vulnerability caused inconsistencies in zswap charging, leading to warnings about memory management errors. These inconsistencies could disrupt the normal operation of the zswap feature, potentially causing performance issues or incorrect memory handling.

Reproduction

The vulnerability can be reproduced on a system with 64GiB of RAM and 36GiB of zswap. After running the stress-ng tool with the bigheap option to create memory pressure, the out-of-memory (OOM) killer will terminate the stress-ng process. This sequence of actions triggers the zswap inconsistency and the associated warnings.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.