This patch fixes the "mm: zcache: core functions added" patch,
available at https://lkml.org/lkml/2013/7/20/90.
It regards an incorrect implementation of zcache_cleancache_flush_fs().
The function above should be effective only if the cleancache pool referred
to by pool_id is valid. This is checked by testing whether zpool
points to NULL.
Unfortunately, if a filesystem mount fails, such a pool is never created
and fs/super.c calls the cleancache_invalidate_fs() function with the pool_id
parameter set to -1. This results in assigning zpool with pools[-1],
which causes zpool to be not NULL, and thus the whole function hangs on
an uninitialized read-write lock.
To prevent that behaviour, pool_id should be checked for being positive
before assigning the zpool variable with pools[pool_id].
Signed-off-by: Piotr Sarna <[email protected]>
Acked-by: Bartlomiej Zolnierkiewicz <[email protected]>
Signed-off-by: Kyungmin Park <[email protected]>
---
mm/zcache.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/mm/zcache.c b/mm/zcache.c
index a2408e8..7e6d2e7 100644
--- a/mm/zcache.c
+++ b/mm/zcache.c
@@ -600,8 +600,12 @@ static void zcache_cleancache_flush_fs(int pool_id)
struct zcache_rb_entry *entry = NULL;
struct rb_node *node;
unsigned long flags1, flags2;
- struct zcache_pool *zpool = zcache.pools[pool_id];
+ struct zcache_pool *zpool;
+
+ if (pool_id < 0)
+ return;
+ zpool = zcache.pools[pool_id];
if (!zpool)
return;
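Review bot: the new `if (pool_id < 0)` guard only closes the negative side of the index; `zpool = zcache.pools[pool_id]` is still reached for any non-negative value, so an id at or beyond the end of the pools array would read past it just as pools[-1] did. If the array has a fixed size, the guard should also reject `pool_id >= <array size>`. Two smaller points: the commit message says pool_id is "checked for being positive", but the code accepts 0, so "non-negative" describes the check accurately; and since fs/super.c passes -1 into the invalidate path when a mount fails, any other callback that indexes zcache.pools by pool_id needs the same guard, or the hang moves to the next function.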
--
1.7.9.5
Hi Piotr,
On 08/06/2013 05:36 PM, Piotr Sarna wrote:
> This patch fixes the "mm: zcache: core functions added" patch,
> available at https://lkml.org/lkml/2013/7/20/90.
> It regards an incorrect implementation of zcache_cleancache_flush_fs().
>
> The function above should be effective only if the cleancache pool referred
> to by pool_id is valid. This is checked by testing whether zpool
> points to NULL.
>
> Unfortunately, if a filesystem mount fails, such a pool is never created
> and fs/super.c calls the cleancache_invalidate_fs() function with the pool_id
> parameter set to -1. This results in assigning zpool with pools[-1],
> which causes zpool to be not NULL, and thus the whole function hangs on
> an uninitialized read-write lock.
>
> To prevent that behaviour, pool_id should be checked for being positive
> before assigning the zpool variable with pools[pool_id].
>
> Signed-off-by: Piotr Sarna <[email protected]>
> Acked-by: Bartlomiej Zolnierkiewicz <[email protected]>
> Signed-off-by: Kyungmin Park <[email protected]>
Yes, that's a problem. Thank you very much!
I'm so glad you are also interested in zcache. I'm preparing an updated
version of zcache which is still under testing currently.
> ---
> mm/zcache.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/mm/zcache.c b/mm/zcache.c
> index a2408e8..7e6d2e7 100644
> --- a/mm/zcache.c
> +++ b/mm/zcache.c
> @@ -600,8 +600,12 @@ static void zcache_cleancache_flush_fs(int pool_id)
> struct zcache_rb_entry *entry = NULL;
> struct rb_node *node;
> unsigned long flags1, flags2;
> - struct zcache_pool *zpool = zcache.pools[pool_id];
> + struct zcache_pool *zpool;
> +
> + if (pool_id < 0)
> + return;
>
> + zpool = zcache.pools[pool_id];
> if (!zpool)
> return;
>
>
--
Regards,
-Bob