Steven Rostedt <rostedt@xxxxxxxxxxx> writes: > 3.6.11.9-rc1 stable review patch. > If anyone has any objections, please let me know. This commit seems to cause regressions [1]. There's a fix for it with commit a0c516cbfc7452c8cbd564525fef66d9f20b46d1 but it doesn't apply cleanly (it probably requires several other commits to be backported). Thus, I am reverting it from the 3.5 extended stable kernel. [1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1215513 Cheers, -- Luis > > ------------------ > > From: Jiang Liu <liuj97@xxxxxxxxx> > > [ Upstream commit 57ab048532c0d975538cebd4456491b5c34248f4 ] > > zram_slot_free_notify() is free-running without any protection from > concurrent operations. So there are race conditions between > zram_bvec_read()/zram_bvec_write() and zram_slot_free_notify(), > and possible consequences include: > 1) Trigger BUG_ON(!handle) on zram_bvec_write() side. > 2) Access to freed pages on zram_bvec_read() side. > 3) Break some fields (bad_compress, good_compress, pages_stored) > in zram->stats if the swap layer makes concurrently call to > zram_slot_free_notify(). > > So enhance zram_slot_free_notify() to acquire writer lock on zram->lock > before calling zram_free_page(). > > Signed-off-by: Jiang Liu <jiang.liu@xxxxxxxxxx> > Cc: stable@xxxxxxxxxxxxxxx > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> > Signed-off-by: Steven Rostedt <rostedt@xxxxxxxxxxx> > --- > drivers/staging/zram/zram_drv.c | 2 ++ > drivers/staging/zram/zram_drv.h | 5 +++-- > 2 files changed, 5 insertions(+), 2 deletions(-) > > diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c > index 38a1b44..4322baf 100644 > --- a/drivers/staging/zram/zram_drv.c > +++ b/drivers/staging/zram/zram_drv.c > @@ -622,7 +622,9 @@ static void zram_slot_free_notify(struct block_device *bdev, > struct zram *zram; > > zram = bdev->bd_disk->private_data; > + down_write(&zram->lock); > zram_free_page(zram, index); > + up_write(&zram->lock); > zram_stat64_inc(zram, &zram->stats.notify_free); > } > > diff --git a/drivers/staging/zram/zram_drv.h b/drivers/staging/zram/zram_drv.h > index 572c0b1..a6eb5d9 100644 > --- a/drivers/staging/zram/zram_drv.h > +++ b/drivers/staging/zram/zram_drv.h > @@ -92,8 +92,9 @@ struct zram { > void *compress_buffer; > struct table *table; > spinlock_t stat64_lock; /* protect 64-bit stats */ > - struct rw_semaphore lock; /* protect compression buffers and table > - * against concurrent read and writes */ > + struct rw_semaphore lock; /* protect compression buffers, table, > + * 32bit stat counters against concurrent > + * notifications, reads and writes */ > struct request_queue *queue; > struct gendisk *disk; > int init_done; -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html