From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752560AbcAOC5g (ORCPT ); Thu, 14 Jan 2016 21:57:36 -0500 Received: from LGEAMRELO13.lge.com ([156.147.23.53]:50543 "EHLO lgeamrelo13.lge.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751112AbcAOC5e (ORCPT ); Thu, 14 Jan 2016 21:57:34 -0500 X-Original-SENDERIP: 156.147.1.127 X-Original-MAILFROM: minchan@kernel.org X-Original-SENDERIP: 165.244.98.203 X-Original-MAILFROM: minchan@kernel.org X-Original-SENDERIP: 10.177.223.161 X-Original-MAILFROM: minchan@kernel.org Date: Fri, 15 Jan 2016 11:59:43 +0900 From: Minchan Kim To: Jerome Marchand CC: Nitin Gupta , Sergey Senozhatsky , linux-kernel@vger.kernel.org Subject: Re: [PATCH] zram: don't call idr_remove() from zram_remove() Message-ID: <20160115025943.GA11203@bbox> References: <1452776627-21662-1-git-send-email-jmarchan@redhat.com> MIME-Version: 1.0 In-Reply-To: <1452776627-21662-1-git-send-email-jmarchan@redhat.com> User-Agent: Mutt/1.5.21 (2010-09-15) X-MIMETrack: Itemize by SMTP Server on LGEKRMHUB07/LGE/LG Group(Release 8.5.3FP6|November 21, 2013) at 2016/01/15 11:57:31, Serialize by Router on LGEKRMHUB07/LGE/LG Group(Release 8.5.3FP6|November 21, 2013) at 2016/01/15 11:57:31, Serialize complete at 2016/01/15 11:57:31 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jan 14, 2016 at 02:03:47PM +0100, Jerome Marchand wrote: > The use of idr_remove() is forbidden in the callback functions of > idr_for_each(). It is therefore unsafe to call idr_remove in > zram_remove(). > This patch moves the call to idr_remove() from zram_remove() to > hot_remove_store(). In the detroy_devices() path, idrs are removed by > idr_destroy(). > This solves an use-after-free detected by KASan. > > Signed-off-by: Jerome Marchand Acked-by: Minchan Kim with Sergey's nitpick Thanks!