From: Jiang Liu <liuj97@gmail.com>
To: Minchan Kim <minchan@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Nitin Gupta <ngupta@vflare.org>,
Jerome Marchand <jmarchan@redhat.com>,
Yijing Wang <wangyijing@huawei.com>,
Jiang Liu <jiang.liu@huawei.com>,
devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH v1 2/8] zram: avoid invalid memory access in zram_exit()
Date: Tue, 04 Jun 2013 22:27:49 +0800 [thread overview]
Message-ID: <51ADF965.3000905@gmail.com> (raw)
In-Reply-To: <20130604090309.GB28551@blaptop>
On Tue 04 Jun 2013 05:03:09 PM CST, Minchan Kim wrote:
> On Mon, Jun 03, 2013 at 11:42:14PM +0800, Jiang Liu wrote:
>> Memory for zram->disk object may have already been freed after returning
>> from destroy_device(zram), then it's unsafe for zram_reset_device(zram)
>> to access zram->disk again.
>>
>> Fix it by holding an extra reference to zram->disk before calling
>> destroy_device(zram).
>>
>> Signed-off-by: Jiang Liu <jiang.liu@huawei.com>
>> ---
>> drivers/staging/zram/zram_drv.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c
>> index e34e3fe..ee6b67d 100644
>> --- a/drivers/staging/zram/zram_drv.c
>> +++ b/drivers/staging/zram/zram_drv.c
>> @@ -727,8 +727,10 @@ static void __exit zram_exit(void)
>> for (i = 0; i < num_devices; i++) {
>> zram = &zram_devices[i];
>>
>> + get_disk(zram->disk);
>> destroy_device(zram);
>> zram_reset_device(zram);
>> + put_disk(zram->disk);
>
> Can't we simple reverse calling order of above two functions?
>
> zram_reset_device(zram);
> destroy_device(zram);
>
Hi Minchan,
We can't solve this bug by changing the order of the two functions.
If we change the order, it will cause corner cases to zram sysfs
handler,
which will be hard to solve too.
Regards!
Gerry
next prev parent reply other threads:[~2013-06-04 14:28 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-03 15:42 [RFC PATCH v1 0/8] small bugfixes and code improvements for zram Jiang Liu
2013-06-03 15:42 ` [RFC PATCH v1 1/8] zram: simplify and optimize zram_to_dev() Jiang Liu
2013-06-04 13:09 ` Jerome Marchand
2013-06-04 14:31 ` Jiang Liu
2013-06-03 15:42 ` [RFC PATCH v1 2/8] zram: avoid invalid memory access in zram_exit() Jiang Liu
2013-06-04 9:03 ` Minchan Kim
2013-06-04 14:27 ` Jiang Liu [this message]
2013-06-03 15:42 ` [RFC PATCH v1 3/8] zram: use zram->lock to protect zram_free_page() in swap free notify path Jiang Liu
2013-06-03 15:42 ` [RFC PATCH v1 4/8] zram: destroy all devices on error recovery path in zram_init() Jiang Liu
2013-06-04 8:49 ` Dan Carpenter
2013-06-04 14:57 ` Jiang Liu
2013-06-03 15:42 ` [RFC PATCH v1 5/8] zram: avoid double free in error recovery path of zram_bvec_write() Jiang Liu
2013-06-04 13:27 ` Jerome Marchand
2013-06-03 15:42 ` [RFC PATCH v1 6/8] zram: avoid access beyond the zram device Jiang Liu
2013-06-04 13:15 ` Jerome Marchand
2013-06-04 15:09 ` Jiang Liu
2013-06-05 8:52 ` Jerome Marchand
2013-06-03 15:42 ` [RFC PATCH v1 7/8] zram: optimize memory operations with clear_page()/copy_page() Jiang Liu
2013-06-03 15:42 ` [RFC PATCH v1 8/8] zram: protect sysfs handler from invalid memory access Jiang Liu
2013-06-04 9:00 ` [RFC PATCH v1 0/8] small bugfixes and code improvements for zram Minchan Kim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51ADF965.3000905@gmail.com \
--to=liuj97@gmail.com \
--cc=devel@driverdev.osuosl.org \
--cc=gregkh@linuxfoundation.org \
--cc=jiang.liu@huawei.com \
--cc=jmarchan@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=minchan@kernel.org \
--cc=ngupta@vflare.org \
--cc=wangyijing@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox