On 06/06/2013 06:07 PM, Jiang Liu wrote: > zram_slot_free_notify() is free-running without any protection from > concurrent operations. So there are race conditions between > zram_bvec_read()/zram_bvec_write() and zram_slot_free_notify(), > and possible consequences include: > 1) Trigger BUG_ON(!handle) on zram_bvec_write() side. > 2) Access to freed pages on zram_bvec_read() side. > 3) Break some fields (bad_compress, good_compress, pages_stored) > in zram->stats if the swap layer makes concurrently call to > zram_slot_free_notify(). > > So enhance zram_slot_free_notify() to acquire writer lock on zram->lock > before calling zram_free_page(). > > Signed-off-by: Jiang Liu <jiang.liu@xxxxxxxxxx> > Cc: stable@xxxxxxxxxxxxxxx Acked-by: Jerome Marchand <jmarchand@xxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html