+ zram-dont-call-idr_remove-from-zram_remove.patch added to -mm tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The patch titled
     Subject: zram: don't call idr_remove() from zram_remove()
has been added to the -mm tree.  Its filename is
     zram-dont-call-idr_remove-from-zram_remove.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/zram-dont-call-idr_remove-from-zram_remove.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/zram-dont-call-idr_remove-from-zram_remove.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/SubmitChecklist when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: "Jerome Marchand" <jmarchan@xxxxxxxxxx>
Subject: zram: don't call idr_remove() from zram_remove()

The use of idr_remove() is forbidden in the callback functions of
idr_for_each().  It is therefore unsafe to call idr_remove in
zram_remove().

This patch moves the call to idr_remove() from zram_remove() to
hot_remove_store().  In the detroy_devices() path, idrs are removed by
idr_destroy().  This solves an use-after-free detected by KASan.

Signed-off-by: Jerome Marchand <jmarchan@xxxxxxxxxx>
Acked-by: Sergey Senozhatsky <sergey.senozhatsky@xxxxxxxxx>
Cc: Minchan Kim <minchan@xxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx>	[4.2+]
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 drivers/block/zram/zram_drv.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff -puN drivers/block/zram/zram_drv.c~zram-dont-call-idr_remove-from-zram_remove drivers/block/zram/zram_drv.c
--- a/drivers/block/zram/zram_drv.c~zram-dont-call-idr_remove-from-zram_remove
+++ a/drivers/block/zram/zram_drv.c
@@ -1325,7 +1325,6 @@ static int zram_remove(struct zram *zram
 
 	pr_info("Removed device: %s\n", zram->disk->disk_name);
 
-	idr_remove(&zram_index_idr, zram->disk->first_minor);
 	blk_cleanup_queue(zram->disk->queue);
 	del_gendisk(zram->disk);
 	put_disk(zram->disk);
@@ -1367,9 +1366,10 @@ static ssize_t hot_remove_store(struct c
 	mutex_lock(&zram_index_mutex);
 
 	zram = idr_find(&zram_index_idr, dev_id);
-	if (zram)
+	if (zram) {
 		ret = zram_remove(zram);
-	else
+		idr_remove(&zram_index_idr, dev_id);
+	} else
 		ret = -ENODEV;
 
 	mutex_unlock(&zram_index_mutex);
_

Patches currently in -mm which might be from jmarchan@xxxxxxxxxx are

mm-shmem-add-internal-shmem-resident-memory-accounting.patch
mm-procfs-breakdown-rss-for-anon-shmem-and-file-in-proc-pid-status.patch
zram-dont-call-idr_remove-from-zram_remove.patch

--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]