From: Minchan Kim <minchan@kernel.org>
To: Jiang Liu <liuj97@gmail.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Nitin Gupta <ngupta@vflare.org>,
Jerome Marchand <jmarchan@redhat.com>,
Yijing Wang <wangyijing@huawei.com>,
Jiang Liu <jiang.liu@huawei.com>,
devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 03/10] zram: use zram->lock to protect zram_free_page() in swap free notify path
Date: Wed, 5 Jun 2013 15:29:35 +0900 [thread overview]
Message-ID: <20130605062935.GC8732@blaptop> (raw)
In-Reply-To: <1370361968-8764-3-git-send-email-jiang.liu@huawei.com>
On Wed, Jun 05, 2013 at 12:06:01AM +0800, Jiang Liu wrote:
> zram_free_page() is protected by down_write(&zram->lock) when called by
> zram_bvec_write(), but there's no such protection when called by
> zram_slot_free_notify(), which may cause wrong states to zram object.
>
> There are two possible consequences of this issue:
> 1) It may cause invalid memory access if we read from a zram device used
> as swap device. (Not sure whether it's legal to make read/write
> requests to a zram device used as swap device.)
I think it's possible if the permission is allowed so we should take care
of that. But I'd like to clear your comment about "invalid memory access".
As I read the code, one of the problem we can encounter by race between
zram_bvec_read and zram_slot_free_notify is BUG_ON(!handle) on zs_map_object
or pr_err("Decompression failed xxxx) on zram_decompress_page.
Otherwise, it would be able to access different swap block with
user request's one.
Could you please expand your vague "invalid memory access"?
> 2) It may cause some fields (bad_compress, good_compress, pages_stored)
> in zram->stats wrong if the swap layer makes concurrently call to
> zram_slot_free_notify().
>
> So enhance zram_slot_free_notify() to acquire writer lock on zram->lock
> before calling zram_free_page().
OK.
And please add the comment struct zram->lock feild, too.
Thanks.
>
> Signed-off-by: Jiang Liu <jiang.liu@huawei.com>
> Cc: stable@vger.kernel.org
> ---
> drivers/staging/zram/zram_drv.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c
> index 5a2f20b..847d207 100644
> --- a/drivers/staging/zram/zram_drv.c
> +++ b/drivers/staging/zram/zram_drv.c
> @@ -582,7 +582,9 @@ static void zram_slot_free_notify(struct block_device *bdev,
> struct zram *zram;
>
> zram = bdev->bd_disk->private_data;
> + down_write(&zram->lock);
> zram_free_page(zram, index);
> + up_write(&zram->lock);
> zram_stat64_inc(zram, &zram->stats.notify_free);
> }
>
> --
> 1.8.1.2
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
--
Kind regards,
Minchan Kim
next prev parent reply other threads:[~2013-06-05 6:29 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-04 16:05 [PATCH v2 01/10] zram: kill unused zram_get_num_devices() Jiang Liu
2013-06-04 16:06 ` [PATCH v2 02/10] zram: avoid invalid memory access in zram_exit() Jiang Liu
2013-06-05 6:04 ` Minchan Kim
2013-06-05 15:24 ` Jiang Liu
2013-06-04 16:06 ` [PATCH v2 03/10] zram: use zram->lock to protect zram_free_page() in swap free notify path Jiang Liu
2013-06-05 6:29 ` Minchan Kim [this message]
2013-06-05 16:00 ` Jiang Liu
2013-06-05 10:26 ` Jerome Marchand
2013-06-04 16:06 ` [PATCH v2 04/10] zram: destroy all devices on error recovery path in zram_init() Jiang Liu
2013-06-05 6:40 ` Minchan Kim
2013-06-05 10:40 ` Jerome Marchand
2013-06-04 16:06 ` [PATCH v2 05/10] zram: avoid double free in function zram_bvec_write() Jiang Liu
2013-06-05 6:41 ` Minchan Kim
2013-06-07 9:35 ` Jerome Marchand
2013-06-04 16:06 ` [PATCH v2 06/10] zram: avoid access beyond the zram device Jiang Liu
2013-06-05 6:43 ` Minchan Kim
2013-06-04 16:06 ` [PATCH v2 07/10] zram: optimize memory operations with clear_page()/copy_page() Jiang Liu
2013-06-05 6:57 ` Minchan Kim
2013-06-04 16:06 ` [PATCH v2 08/10] zram: protect sysfs handler from invalid memory access Jiang Liu
2013-06-05 7:03 ` Minchan Kim
2013-06-04 16:06 ` [PATCH v2 09/10] zram: minor code cleanup Jiang Liu
2013-06-05 7:13 ` Minchan Kim
2013-06-04 16:06 ` [PATCH v2 10/10] zram: use atomic64_xxx() to replace zram_stat64_xxx() Jiang Liu
2013-06-05 12:02 ` Jerome Marchand
2013-06-05 16:21 ` Jiang Liu
2013-06-06 9:37 ` Jerome Marchand
2013-06-06 14:36 ` Jiang Liu
2013-06-06 15:07 ` Jerome Marchand
2013-06-06 15:56 ` Jiang Liu
2013-06-05 5:52 ` [PATCH v2 01/10] zram: kill unused zram_get_num_devices() Minchan Kim
2013-06-05 15:09 ` Jiang Liu
2013-06-05 9:06 ` Jerome Marchand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130605062935.GC8732@blaptop \
--to=minchan@kernel.org \
--cc=devel@driverdev.osuosl.org \
--cc=gregkh@linuxfoundation.org \
--cc=jiang.liu@huawei.com \
--cc=jmarchan@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=liuj97@gmail.com \
--cc=ngupta@vflare.org \
--cc=wangyijing@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.