Subject: + zram-fix-race-between-reset-and-flushing-pending-work.patch added to -mm tree To: minchan@xxxxxxxxxx,jmarchan@xxxxxxxxxx,ngupta@xxxxxxxxxx,sergey.senozhatsky@xxxxxxxxx,stable@xxxxxxxxxxxxxxx From: akpm@xxxxxxxxxxxxxxxxxxxx Date: Mon, 13 Jan 2014 15:59:57 -0800 The patch titled Subject: zram: fix race between reset and flushing pending work has been added to the -mm tree. Its filename is zram-fix-race-between-reset-and-flushing-pending-work.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/zram-fix-race-between-reset-and-flushing-pending-work.patch and later at http://ozlabs.org/~akpm/mmotm/broken-out/zram-fix-race-between-reset-and-flushing-pending-work.patch Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/SubmitChecklist when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Minchan Kim <minchan@xxxxxxxxxx> Subject: zram: fix race between reset and flushing pending work Dan and Sergey reported that there is a racy between reset and flushing of pending work so that it could make oops by freeing zram->meta in reset while zram_slot_free can access zram->meta if new request is adding during the race window. This patch moves flush after taking init_lock so it prevents new request so that it closes the race. Signed-off-by: Minchan Kim <minchan@xxxxxxxxxx> Cc: Nitin Gupta <ngupta@xxxxxxxxxx> Cc: Jerome Marchand <jmarchan@xxxxxxxxxx> Cc: Sergey Senozhatsky <sergey.senozhatsky@xxxxxxxxx> Cc: stable <stable@xxxxxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- drivers/block/zram/zram_drv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff -puN drivers/block/zram/zram_drv.c~zram-fix-race-between-reset-and-flushing-pending-work drivers/block/zram/zram_drv.c --- a/drivers/block/zram/zram_drv.c~zram-fix-race-between-reset-and-flushing-pending-work +++ a/drivers/block/zram/zram_drv.c @@ -553,14 +553,14 @@ static void zram_reset_device(struct zra size_t index; struct zram_meta *meta; - flush_work(&zram->free_work); - down_write(&zram->init_lock); if (!zram->init_done) { up_write(&zram->init_lock); return; } + flush_work(&zram->free_work); + meta = zram->meta; zram->init_done = 0; _ Patches currently in -mm which might be from minchan@xxxxxxxxxx are mm-remove-bug_on-from-mlock_vma_page.patch mm-hugetlb-use-get_page_foll-in-follow_hugetlb_page.patch mm-hugetlbfs-move-the-put-get_page-slab-and-hugetlbfs-optimization-in-a-faster-path.patch mm-thp-optimize-compound_trans_huge.patch mm-tail-page-refcounting-optimization-for-slab-and-hugetlbfs.patch mm-hugetlbfs-use-__compound_tail_refcounted-in-__get_page_tail-too.patch mm-hugetlbc-simplify-pageheadhuge-and-pagehuge.patch mm-swapc-reorganize-put_compound_page.patch mm-hugetlbc-defer-pageheadhuge-symbol-export.patch memblock-numa-introduce-flags-field-into-memblock.patch memblock-mem_hotplug-introduce-memblock_hotplug-flag-to-mark-hotpluggable-regions.patch memblock-make-memblock_set_node-support-different-memblock_type.patch acpi-numa-mem_hotplug-mark-hotpluggable-memory-in-memblock.patch acpi-numa-mem_hotplug-mark-all-nodes-the-kernel-resides-un-hotpluggable.patch memblock-mem_hotplug-make-memblock-skip-hotpluggable-regions-if-needed.patch x86-numa-acpi-memory-hotplug-make-movable_node-have-higher-priority.patch mm-zswapc-change-params-from-hidden-to-ro.patch mm-zswap-check-all-pool-pages-instead-of-one-pools-pages.patch swap-add-a-simple-detector-for-inappropriate-swapin-readahead.patch linux-next.patch zsmalloc-move-it-under-mm.patch zram-promote-zram-from-staging.patch zram-remove-old-private-project-comment.patch zram-add-copyright.patch zsmalloc-add-copyright.patch zram-add-zram-maintainers.patch zsmalloc-add-maintainers.patch zram-fix-race-between-reset-and-flushing-pending-work.patch zram-delay-pending-free-request-in-read-path.patch zram-remove-unnecessary-free.patch debugging-keep-track-of-page-owners.patch zram-use-atomic-operation-for-stat.patch -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html