Dan,
On 10/23/2012 07:17 AM, Dan Carpenter wrote:
Hello Nitin Gupta,
The patch c8f2f0db1d02: "staging: zram: Fix handling of
incompressible pages" from Oct 10, 2012, leads to the following
warning:
drivers/staging/zram/zram_drv.c:352 zram_bvec_write()
warn: 'uncmem' was already freed.
338 ret = lzo1x_1_compress(uncmem, PAGE_SIZE, src, &clen,
339 zram->compress_workmem);
340
341 kunmap_atomic(user_mem);
342 if (is_partial_io(bvec))
343 kfree(uncmem);
^^^^^^^^^^^^^^
freed here. (Also indented too far).
344
345 if (unlikely(ret != LZO_E_OK)) {
346 pr_err("Compression failed! err=%d\n", ret);
347 goto out;
348 }
349
350 if (unlikely(clen > max_zpage_size)) {
351 zram_stat_inc(&zram->stats.bad_compress);
352 src = uncmem;
^^^^^^^^^^^^^
re-used.
353 clen = PAGE_SIZE;
354 }
I haven't analyzed this at all, it may not be a bug.
This is indeed a use after bug for the case when a partial (non
PAGE_SIZE'ed) write requests updates existing contents such that the
updated data expands on compression. I will be sending a fix soon.
Thanks,
Nitin
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
