On Fri, Jun 07, 2013 at 12:07:23AM +0800, Jiang Liu wrote: > zram_slot_free_notify() is free-running without any protection from > concurrent operations. So there are race conditions between > zram_bvec_read()/zram_bvec_write() and zram_slot_free_notify(), > and possible consequences include: > 1) Trigger BUG_ON(!handle) on zram_bvec_write() side. > 2) Access to freed pages on zram_bvec_read() side. > 3) Break some fields (bad_compress, good_compress, pages_stored) > in zram->stats if the swap layer makes concurrently call to > zram_slot_free_notify(). > > So enhance zram_slot_free_notify() to acquire writer lock on zram->lock > before calling zram_free_page(). >
If someone try to read/write *active* swap device via opening block device file(it's not sane but we couldn't prevent it), the race between zram_slot_free_notify and zram_bvec_[read|write] can happen. In such case, following problem for example can happen. 1. xxx 2. xxx 3. xxx So this patch closes the race with zram->lock write-side lock. > Signed-off-by: Jiang Liu <jiang....@huawei.com> > Cc: sta...@vger.kernel.org Acked-by: Minchan Kim <minc...@kernel.org> But please rewrite the description. -- Kind regards, Minchan Kim -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
