From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Jiang Liu <jiang.liu@huawei.com>,
Minchan Kim <minchan@kernel.org>,
Ben Hutchings <ben@decadent.org.uk>,
Yijing Wang <wangyijing@huawei.com>
Subject: [PATCH 3.4 4/8] zram: protect sysfs handler from invalid memory access
Date: Thu, 12 Jun 2014 16:22:51 -0700 [thread overview]
Message-ID: <20140612232238.789898097@linuxfoundation.org> (raw)
In-Reply-To: <20140612232238.396722659@linuxfoundation.org>
3.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiang Liu <liuj97@gmail.com>
commit 5863e10b441e7ea4b492f930f1be180a97d026f3 upstream.
Use zram->init_lock to protect access to zram->meta, otherwise it
may cause invalid memory access if zram->meta has been freed by
zram_reset_device().
This issue may be triggered by:
Thread 1:
while true; do cat mem_used_total; done
Thread 2:
while true; do echo 8M > disksize; echo 1 > reset; done
Signed-off-by: Jiang Liu <jiang.liu@huawei.com>
Acked-by: Minchan Kim <minchan@kernel.org>
[bwh: Backported to 3.2: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
[wyj: Backported to 3.4: adjust context]
Signed-off-by: Yijing Wang <wangyijing@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/zram/zram_sysfs.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/staging/zram/zram_sysfs.c
+++ b/drivers/staging/zram/zram_sysfs.c
@@ -188,10 +188,12 @@ static ssize_t mem_used_total_show(struc
u64 val = 0;
struct zram *zram = dev_to_zram(dev);
+ down_read(&zram->init_lock);
if (zram->init_done) {
val = zs_get_total_size_bytes(zram->mem_pool) +
((u64)(zram->stats.pages_expand) << PAGE_SHIFT);
}
+ up_read(&zram->init_lock);
return sprintf(buf, "%llu\n", val);
}
next prev parent reply other threads:[~2014-06-12 23:19 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-12 23:22 [PATCH 3.4 0/8] 3.4.94-stable review Greg Kroah-Hartman
2014-06-12 23:22 ` [PATCH 3.4 1/8] mlx4_en: dont use napi_synchronize inside mlx4_en_netpoll Greg Kroah-Hartman
2014-06-12 23:22 ` [PATCH 3.4 2/8] netfilter: ipv4: defrag: set local_df flag on defragmented skb Greg Kroah-Hartman
2014-06-12 23:22 ` [PATCH 3.4 3/8] powerpc: Fix 64 bit builds with binutils 2.24 Greg Kroah-Hartman
2014-06-12 23:22 ` Greg Kroah-Hartman [this message]
2014-06-12 23:22 ` [PATCH 3.4 5/8] Staging: zram: Fix memory leak by refcount mismatch Greg Kroah-Hartman
2014-06-12 23:22 ` [PATCH 3.4 6/8] auditsc: audit_krule mask accesses need bounds checking Greg Kroah-Hartman
2014-06-12 23:22 ` [PATCH 3.4 7/8] SCSI: megaraid: Use resource_size_t for PCI resources, not long Greg Kroah-Hartman
2014-06-13 5:43 ` [PATCH 3.4 0/8] 3.4.94-stable review Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140612232238.789898097@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ben@decadent.org.uk \
--cc=jiang.liu@huawei.com \
--cc=linux-kernel@vger.kernel.org \
--cc=minchan@kernel.org \
--cc=stable@vger.kernel.org \
--cc=wangyijing@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.