Hello, Andrew, I missed Dan's Reported-by. I don't want to discard his credit. Would you please add it? Reporeted-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> On Mon, Jan 13, 2014 at 03:59:57PM -0800, akpm@xxxxxxxxxxxxxxxxxxxx wrote: > Subject: + zram-fix-race-between-reset-and-flushing-pending-work.patch added to -mm tree > To: minchan@xxxxxxxxxx,jmarchan@xxxxxxxxxx,ngupta@xxxxxxxxxx,sergey.senozhatsky@xxxxxxxxx,stable@xxxxxxxxxxxxxxx > From: akpm@xxxxxxxxxxxxxxxxxxxx > Date: Mon, 13 Jan 2014 15:59:57 -0800 > > > The patch titled > Subject: zram: fix race between reset and flushing pending work > has been added to the -mm tree. Its filename is > zram-fix-race-between-reset-and-flushing-pending-work.patch > > This patch should soon appear at > http://ozlabs.org/~akpm/mmots/broken-out/zram-fix-race-between-reset-and-flushing-pending-work.patch > and later at > http://ozlabs.org/~akpm/mmotm/broken-out/zram-fix-race-between-reset-and-flushing-pending-work.patch > > Before you just go and hit "reply", please: > a) Consider who else should be cc'ed > b) Prefer to cc a suitable mailing list as well > c) Ideally: find the original patch on the mailing list and do a > reply-to-all to that, adding suitable additional cc's > > *** Remember to use Documentation/SubmitChecklist when testing your code *** > > The -mm tree is included into linux-next and is updated > there every 3-4 working days > > ------------------------------------------------------ > From: Minchan Kim <minchan@xxxxxxxxxx> > Subject: zram: fix race between reset and flushing pending work > > Dan and Sergey reported that there is a racy between reset and flushing of > pending work so that it could make oops by freeing zram->meta in reset > while zram_slot_free can access zram->meta if new request is adding during > the race window. > > This patch moves flush after taking init_lock so it prevents new request > so that it closes the race. > > Signed-off-by: Minchan Kim <minchan@xxxxxxxxxx> > Cc: Nitin Gupta <ngupta@xxxxxxxxxx> > Cc: Jerome Marchand <jmarchan@xxxxxxxxxx> > Cc: Sergey Senozhatsky <sergey.senozhatsky@xxxxxxxxx> > Cc: stable <stable@xxxxxxxxxxxxxxx> > Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> > --- > > drivers/block/zram/zram_drv.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff -puN drivers/block/zram/zram_drv.c~zram-fix-race-between-reset-and-flushing-pending-work drivers/block/zram/zram_drv.c > --- a/drivers/block/zram/zram_drv.c~zram-fix-race-between-reset-and-flushing-pending-work > +++ a/drivers/block/zram/zram_drv.c > @@ -553,14 +553,14 @@ static void zram_reset_device(struct zra > size_t index; > struct zram_meta *meta; > > - flush_work(&zram->free_work); > - > down_write(&zram->init_lock); > if (!zram->init_done) { > up_write(&zram->init_lock); > return; > } > > + flush_work(&zram->free_work); > + > meta = zram->meta; > zram->init_done = 0; > > _ > > Patches currently in -mm which might be from minchan@xxxxxxxxxx are > > mm-remove-bug_on-from-mlock_vma_page.patch > mm-hugetlb-use-get_page_foll-in-follow_hugetlb_page.patch > mm-hugetlbfs-move-the-put-get_page-slab-and-hugetlbfs-optimization-in-a-faster-path.patch > mm-thp-optimize-compound_trans_huge.patch > mm-tail-page-refcounting-optimization-for-slab-and-hugetlbfs.patch > mm-hugetlbfs-use-__compound_tail_refcounted-in-__get_page_tail-too.patch > mm-hugetlbc-simplify-pageheadhuge-and-pagehuge.patch > mm-swapc-reorganize-put_compound_page.patch > mm-hugetlbc-defer-pageheadhuge-symbol-export.patch > memblock-numa-introduce-flags-field-into-memblock.patch > memblock-mem_hotplug-introduce-memblock_hotplug-flag-to-mark-hotpluggable-regions.patch > memblock-make-memblock_set_node-support-different-memblock_type.patch > acpi-numa-mem_hotplug-mark-hotpluggable-memory-in-memblock.patch > acpi-numa-mem_hotplug-mark-all-nodes-the-kernel-resides-un-hotpluggable.patch > memblock-mem_hotplug-make-memblock-skip-hotpluggable-regions-if-needed.patch > x86-numa-acpi-memory-hotplug-make-movable_node-have-higher-priority.patch > mm-zswapc-change-params-from-hidden-to-ro.patch > mm-zswap-check-all-pool-pages-instead-of-one-pools-pages.patch > swap-add-a-simple-detector-for-inappropriate-swapin-readahead.patch > linux-next.patch > zsmalloc-move-it-under-mm.patch > zram-promote-zram-from-staging.patch > zram-remove-old-private-project-comment.patch > zram-add-copyright.patch > zsmalloc-add-copyright.patch > zram-add-zram-maintainers.patch > zsmalloc-add-maintainers.patch > zram-fix-race-between-reset-and-flushing-pending-work.patch > zram-delay-pending-free-request-in-read-path.patch > zram-remove-unnecessary-free.patch > debugging-keep-track-of-page-owners.patch > zram-use-atomic-operation-for-stat.patch > -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html