Patchwork [3.8.y.z,extended,stable] Patch "zram: use zram->lock to protect zram_free_page() in swap free" has been added to staging queue

mail settings
Submitter Luis Henriques
Date July 9, 2013, 4:28 p.m.
Message ID <>
Download mbox | patch
Permalink /patch/257751/
State New
Headers show


Luis Henriques - July 9, 2013, 4:28 p.m.
This is a note to let you know that I have just added a patch titled

    zram: use zram->lock to protect zram_free_page() in swap free

to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree 
which can be found at:;a=shortlog;h=refs/heads/linux-3.8.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.8.y.z tree, see



From f56c0e44628257f97063089eb865d5eb2dfdd642 Mon Sep 17 00:00:00 2001
From: Jiang Liu <>
Date: Fri, 7 Jun 2013 00:07:23 +0800
Subject: [PATCH] zram: use zram->lock to protect zram_free_page() in swap free
 notify path

commit 57ab048532c0d975538cebd4456491b5c34248f4 upstream.

zram_slot_free_notify() is free-running without any protection from
concurrent operations. So there are race conditions between
zram_bvec_read()/zram_bvec_write() and zram_slot_free_notify(),
and possible consequences include:
1) Trigger BUG_ON(!handle) on zram_bvec_write() side.
2) Access to freed pages on zram_bvec_read() side.
3) Break some fields (bad_compress, good_compress, pages_stored)
   in zram->stats if the swap layer makes concurrently call to

So enhance zram_slot_free_notify() to acquire writer lock on zram->lock
before calling zram_free_page().

Signed-off-by: Jiang Liu <>
Signed-off-by: Greg Kroah-Hartman <>
[ luis: backported to 3.8: adjusted context ]
Signed-off-by: Luis Henriques <>
 drivers/staging/zram/zram_drv.c | 2 ++
 drivers/staging/zram/zram_drv.h | 5 +++--
 2 files changed, 5 insertions(+), 2 deletions(-)



diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c
index c9c1e0e..0113897 100644
--- a/drivers/staging/zram/zram_drv.c
+++ b/drivers/staging/zram/zram_drv.c
@@ -615,7 +615,9 @@  static void zram_slot_free_notify(struct block_device *bdev,
 	struct zram *zram;

 	zram = bdev->bd_disk->private_data;
+	down_write(&zram->lock);
 	zram_free_page(zram, index);
+	up_write(&zram->lock);
 	zram_stat64_inc(zram, &zram->stats.notify_free);

diff --git a/drivers/staging/zram/zram_drv.h b/drivers/staging/zram/zram_drv.h
index df2eec4..4265ab4 100644
--- a/drivers/staging/zram/zram_drv.h
+++ b/drivers/staging/zram/zram_drv.h
@@ -92,8 +92,9 @@  struct zram {
 	void *compress_buffer;
 	struct table *table;
 	spinlock_t stat64_lock;	/* protect 64-bit stats */
-	struct rw_semaphore lock; /* protect compression buffers and table
-				   * against concurrent read and writes */
+	struct rw_semaphore lock; /* protect compression buffers, table,
+				   * 32bit stat counters against concurrent
+				   * notifications, reads and writes */
 	struct request_queue *queue;
 	struct gendisk *disk;
 	int init_done;