Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753035Ab3FFQK6 (ORCPT ); Thu, 6 Jun 2013 12:10:58 -0400 Received: from mail-pd0-f176.google.com ([209.85.192.176]:64754 "EHLO mail-pd0-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752991Ab3FFQK4 (ORCPT ); Thu, 6 Jun 2013 12:10:56 -0400 From: Jiang Liu To: Greg Kroah-Hartman , Nitin Gupta , Minchan Kim , Jerome Marchand Cc: Jiang Liu , devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: [PATCH v3 01/10] zram: avoid invalid memory access in zram_exit() Date: Fri, 7 Jun 2013 00:07:22 +0800 Message-Id: <1370534851-26056-2-git-send-email-jiang.liu@huawei.com> X-Mailer: git-send-email 1.8.1.2 In-Reply-To: <1370534851-26056-1-git-send-email-jiang.liu@huawei.com> References: <1370534851-26056-1-git-send-email-jiang.liu@huawei.com> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1295 Lines: 40 Memory for zram->disk object may have already been freed after returning from destroy_device(zram), then it's unsafe for zram_reset_device(zram) to access zram->disk again. We can't solve this bug by flipping the order of destroy_device(zram) and zram_reset_device(zram), that will cause deadlock issues to the zram sysfs handler. So fix it by holding an extra reference to zram->disk before calling destroy_device(zram). Signed-off-by: Jiang Liu Cc: stable@vger.kernel.org --- drivers/staging/zram/zram_drv.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c index e34e3fe..ee6b67d 100644 --- a/drivers/staging/zram/zram_drv.c +++ b/drivers/staging/zram/zram_drv.c @@ -727,8 +727,10 @@ static void __exit zram_exit(void) for (i = 0; i < num_devices; i++) { zram = &zram_devices[i]; + get_disk(zram->disk); destroy_device(zram); zram_reset_device(zram); + put_disk(zram->disk); } unregister_blkdev(zram_major, "zram"); -- 1.8.1.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/