[3.8.y.z,extended,stable] Patch "zram: avoid invalid memory access in zram_exit()" has been added to staging queue

Message ID 1373387280-20885-1-git-send-email-luis.henriques@canonical.com
State New
Headers show

Commit Message

Luis Henriques July 9, 2013, 4:28 p.m.
This is a note to let you know that I have just added a patch titled

    zram: avoid invalid memory access in zram_exit()

to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree 
which can be found at:


If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.8.y.z tree, see



From eecea4e80c98e181d090d290a309973908d7e1f1 Mon Sep 17 00:00:00 2001
From: Jiang Liu <liuj97@gmail.com>
Date: Fri, 7 Jun 2013 00:07:22 +0800
Subject: [PATCH] zram: avoid invalid memory access in zram_exit()

commit 6030ea9b35971a4200062f010341ab832e878ac9 upstream.

Memory for zram->disk object may have already been freed after returning
from destroy_device(zram), then it's unsafe for zram_reset_device(zram)
to access zram->disk again.

We can't solve this bug by flipping the order of destroy_device(zram)
and zram_reset_device(zram), that will cause deadlock issues to the
zram sysfs handler.

So fix it by holding an extra reference to zram->disk before calling

Signed-off-by: Jiang Liu <jiang.liu@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ luis: backported to 3.8: adjusted context ]
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
 drivers/staging/zram/zram_drv.c | 2 ++
 1 file changed, 2 insertions(+)



diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c
index 071e058..c9c1e0e 100644
--- a/drivers/staging/zram/zram_drv.c
+++ b/drivers/staging/zram/zram_drv.c
@@ -764,9 +764,11 @@  static void __exit zram_exit(void)
 	for (i = 0; i < num_devices; i++) {
 		zram = &zram_devices[i];

+		get_disk(zram->disk);
 		if (zram->init_done)
+		put_disk(zram->disk);

 	unregister_blkdev(zram_major, "zram");