[PATCH v3 02/10] zram: use zram->lock to protect zram_free_page() in swap free notify path
Minchan Kim
minchan at kernel.org
Fri Jun 7 08:05:34 UTC 2013
On Fri, Jun 07, 2013 at 12:07:23AM +0800, Jiang Liu wrote:
> zram_slot_free_notify() is free-running without any protection from
> concurrent operations. So there are race conditions between
> zram_bvec_read()/zram_bvec_write() and zram_slot_free_notify(),
> and possible consequences include:
> 1) Trigger BUG_ON(!handle) on zram_bvec_write() side.
> 2) Access to freed pages on zram_bvec_read() side.
> 3) Break some fields (bad_compress, good_compress, pages_stored)
> in zram->stats if the swap layer makes concurrent calls to
> zram_slot_free_notify().
>
> So enhance zram_slot_free_notify() to acquire writer lock on zram->lock
> before calling zram_free_page().
>
If someone tries to read/write an *active* swap device by opening the
block device file (it's not sane, but we couldn't prevent it),
the race between zram_slot_free_notify and zram_bvec_[read|write] can happen.
In such a case, the following problems, for example, can happen.
1. xxx
2. xxx
3. xxx
So this patch closes the race with zram->lock write-side lock.
> Signed-off-by: Jiang Liu <jiang.liu at huawei.com>
> Cc: stable at vger.kernel.org
Acked-by: Minchan Kim <minchan at kernel.org>
But please rewrite the description.
--
Kind regards,
Minchan Kim