Patchwork [3.8.y.z,extended,stable] Patch "zram: avoid invalid memory access in zram_exit()" has been added to staging queue

mail settings
Submitter Luis Henriques
Date July 9, 2013, 4:28 p.m.
Message ID <>
Download mbox | patch
Permalink /patch/257750/
State New
Headers show


Luis Henriques - July 9, 2013, 4:28 p.m.
This is a note to let you know that I have just added a patch titled

    zram: avoid invalid memory access in zram_exit()

to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree 
which can be found at:;a=shortlog;h=refs/heads/linux-3.8.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.8.y.z tree, see



From eecea4e80c98e181d090d290a309973908d7e1f1 Mon Sep 17 00:00:00 2001
From: Jiang Liu <>
Date: Fri, 7 Jun 2013 00:07:22 +0800
Subject: [PATCH] zram: avoid invalid memory access in zram_exit()

commit 6030ea9b35971a4200062f010341ab832e878ac9 upstream.

Memory for zram->disk object may have already been freed after returning
from destroy_device(zram), then it's unsafe for zram_reset_device(zram)
to access zram->disk again.

We can't solve this bug by flipping the order of destroy_device(zram)
and zram_reset_device(zram), that will cause deadlock issues to the
zram sysfs handler.

So fix it by holding an extra reference to zram->disk before calling

Signed-off-by: Jiang Liu <>
Signed-off-by: Greg Kroah-Hartman <>
[ luis: backported to 3.8: adjusted context ]
Signed-off-by: Luis Henriques <>
 drivers/staging/zram/zram_drv.c | 2 ++
 1 file changed, 2 insertions(+)



diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c
index 071e058..c9c1e0e 100644
--- a/drivers/staging/zram/zram_drv.c
+++ b/drivers/staging/zram/zram_drv.c
@@ -764,9 +764,11 @@  static void __exit zram_exit(void)
 	for (i = 0; i < num_devices; i++) {
 		zram = &zram_devices[i];

+		get_disk(zram->disk);
 		if (zram->init_done)
+		put_disk(zram->disk);

 	unregister_blkdev(zram_major, "zram");