From: Dan Carpenter <dan.carpenter@oracle.com>
To: ming.lei@redhat.com
Cc: Sergey Senozhatsky <senozhatsky@chromium.org>,
linux-block@vger.kernel.org
Subject: [bug report] zram: avoid race between zram_remove and disksize_store
Date: Thu, 4 Nov 2021 14:48:30 +0300
Message-ID: <20211104114830.GA4962@kili>

Hello Ming Lei,

The patch 5a4b653655d5: "zram: avoid race between zram_remove and
disksize_store" from Oct 25, 2021, leads to the following Smatch
static checker warning:

        drivers/block/zram/zram_drv.c:2044 zram_remove()
        warn: 'zram->mem_pool' double freed

drivers/block/zram/zram_drv.c
    2002  static int zram_remove(struct zram *zram)
    2003  {
    2004          struct block_device *bdev = zram->disk->part0;
    2005          bool claimed;
    2006
    2007          mutex_lock(&bdev->bd_disk->open_mutex);
    2008          if (bdev->bd_openers) {
    2009                  mutex_unlock(&bdev->bd_disk->open_mutex);
    2010                  return -EBUSY;
    2011          }
    2012
    2013          claimed = zram->claim;
    2014          if (!claimed)
    2015                  zram->claim = true;
    2016          mutex_unlock(&bdev->bd_disk->open_mutex);
    2017
    2018          zram_debugfs_unregister(zram);
    2019
    2020          if (claimed) {
    2021                  /*
    2022                   * If we were claimed by reset_store(), del_gendisk() will
    2023                   * wait until reset_store() is done, so nothing need to do.
    2024                   */
    2025                  ;
    2026          } else {
    2027                  /* Make sure all the pending I/O are finished */
    2028                  sync_blockdev(bdev);
    2029                  zram_reset_device(zram);
                          ^^^^^^^^^^^^^^^^^^^^^^^^
This frees zram->mem_pool in zram_meta_free().

    2030          }
    2031
    2032          pr_info("Removed device: %s\n", zram->disk->disk_name);
    2033
    2034          del_gendisk(zram->disk);
    2035
    2036          /* del_gendisk drains pending reset_store */
    2037          WARN_ON_ONCE(claimed && zram->claim);
    2038
    2039          /*
    2040           * disksize_store() may be called in between zram_reset_device()
    2041           * and del_gendisk(), so run the last reset to avoid leaking
    2042           * anything allocated with disksize_store()
    2043           */
--> 2044          zram_reset_device(zram);

This double frees it.

    2045
    2046          blk_cleanup_disk(zram->disk);
    2047          kfree(zram);
    2048          return 0;
    2049  }

regards,
dan carpenter
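
The warning turns on whether a second reset call can release the same pool again. The user-space model below is an added example, not code from the kernel or from this thread; the struct and every model_* name are hypothetical. It shows the guard that makes a repeated reset safe both back-to-back and with a store in between. Whether the kernel's zram_reset_device() has an equivalent guard is not visible in the lines quoted above.

```c
/* User-space model (constructed). Not kernel code; all names hypothetical. */
#include <stdlib.h>
#include <stddef.h>

struct dev_model {
	void  *mem_pool;   /* stands in for zram->mem_pool */
	size_t disksize;   /* non-zero means "initialised" */
	int    frees;      /* how many times the pool was released */
};

/* Models disksize_store(): allocate backing state for the device. */
static int model_disksize_store(struct dev_model *d, size_t size)
{
	if (d->disksize)            /* already initialised, refuse */
		return -1;
	d->mem_pool = malloc(size);
	if (!d->mem_pool)
		return -1;
	d->disksize = size;
	return 0;
}

/* Guarded reset: a second call on an already-reset device is a no-op. */
static void model_reset(struct dev_model *d)
{
	if (!d->disksize)           /* nothing allocated, nothing to free */
		return;
	free(d->mem_pool);
	d->mem_pool = NULL;         /* leave no dangling pointer behind */
	d->disksize = 0;
	d->frees++;
}

/* Replays the remove path: reset, optional store in between, final reset. */
static int model_remove(struct dev_model *d, int store_in_between)
{
	model_reset(d);
	if (store_in_between)
		model_disksize_store(d, 4096);
	model_reset(d);             /* the call flagged at line 2044 */
	return d->frees;            /* one free per allocation, never more */
}

int main(void)
{
	struct dev_model d = {0};
	model_disksize_store(&d, 4096);
	return model_remove(&d, 0) == 1 ? 0 : 1;
}
```

Without the `disksize` check and the `mem_pool = NULL` assignment, the first scenario would call free() twice on the same pointer.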