linux-yocto/drivers/block
Sergey Senozhatsky ff750e9f2c zram: fix slot write race condition
commit ce4be9e4307c5a60701ff6e0cafa74caffdc54ce upstream.

Parallel concurrent writes to the same zram index result in leaked
zsmalloc handles.  Schematically we can have something like this:

CPU0                              CPU1
zram_slot_lock()
zs_free(handle)
zram_slot_lock()
				zram_slot_lock()
				zs_free(handle)
				zram_slot_lock()

compress			compress
handle = zs_malloc()		handle = zs_malloc()
zram_slot_lock
zram_set_handle(handle)
zram_slot_lock
				zram_slot_lock
				zram_set_handle(handle)
				zram_slot_lock

Either CPU0 or CPU1 zsmalloc handle will leak because zs_free() is done
too early.  In fact, we need to reset zram entry right before we set its
new handle, all under the same slot lock scope.

Link: https://lkml.kernel.org/r/20250909045150.635345-1-senozhatsky@chromium.org
Fixes: 71268035f5 ("zram: free slot memory early during write")
Signed-off-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Reported-by: Changhui Zhong <czhong@redhat.com>
Closes: https://lore.kernel.org/all/CAGVVp+UtpGoW5WEdEU7uVTtsSCjPN=ksN6EcvyypAtFDOUf30A@mail.gmail.com/
Tested-by: Changhui Zhong <czhong@redhat.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Minchan Kim <minchan@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-09-25 11:16:45 +02:00
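The interleaving in the commit message, replayed deterministically as an added example (this is not zram driver code and not part of the commit). One slot, one lock and a counting allocator stand in for the zram entry, zram_slot_lock() and zsmalloc; the "before" path assumes the shape described in the message (free under the slot lock early, drop the lock, compress and allocate, re-take the lock and only store the new handle) and the "after" path frees the old handle and stores the new one in the same lock scope. All names ending in _model and the two run_* functions are this example's own.

```c
#include <assert.h>
#include <stdio.h>

/*
 * Deterministic model of the zram slot-write race (added example, not zram
 * driver code). One slot, one lock, and a counting allocator standing in for
 * zsmalloc. The two interleavings below replay the schematic from the commit
 * message step by step instead of using real threads, so the outcome is
 * reproducible. Names ending in _model are this example's own.
 */

struct zram_slot_model {
    int handle;        /* current zsmalloc handle, 0 = slot is empty */
    int locked;        /* single per-slot lock; checked, not blocking */
};

static int live_handles;   /* handles allocated and not yet freed */
static int next_handle;    /* handle id generator */

static void reset_model(struct zram_slot_model *s, int slot_in_use)
{
    live_handles = 0;
    next_handle = 100;
    s->locked = 0;
    s->handle = 0;
    if (slot_in_use) {         /* pretend a previous write filled the slot */
        s->handle = next_handle++;
        live_handles++;
    }
}

static int zs_malloc_model(void) { live_handles++; return next_handle++; }
static void zs_free_model(int h) { if (h) live_handles--; }

static void slot_lock(struct zram_slot_model *s) { assert(!s->locked); s->locked = 1; }
static void slot_unlock(struct zram_slot_model *s) { assert(s->locked); s->locked = 0; }

/* Before the fix (assumed shape of the write path after 71268035f5):
 * free the slot early under the lock and drop the lock ... */
static void buggy_free_early(struct zram_slot_model *s)
{
    slot_lock(s);
    zs_free_model(s->handle);
    s->handle = 0;
    slot_unlock(s);
}
/* ... then compress, allocate, re-take the lock and only store the handle. */
static void buggy_set_handle(struct zram_slot_model *s)
{
    int h = zs_malloc_model();   /* "compress; handle = zs_malloc()" */
    slot_lock(s);
    s->handle = h;               /* overwrites whatever is there: leak */
    slot_unlock(s);
}

/* After the fix: allocate outside the lock, then free the old handle and
 * store the new one in the same lock scope. */
static int fixed_alloc(void) { return zs_malloc_model(); }
static void fixed_commit(struct zram_slot_model *s, int h)
{
    slot_lock(s);
    zs_free_model(s->handle);    /* reset the entry right before the new handle */
    s->handle = h;
    slot_unlock(s);
}

/* Leaked handles = live allocations the slot no longer references. */
static int leaked(const struct zram_slot_model *s)
{
    return live_handles - (s->handle ? 1 : 0);
}

/* Replay the commit's schematic: both CPUs free early, then both set. */
int run_buggy_interleaving(void)
{
    struct zram_slot_model s;
    reset_model(&s, 1);
    buggy_free_early(&s);   /* CPU0 */
    buggy_free_early(&s);   /* CPU1: slot already empty, nothing to free */
    buggy_set_handle(&s);   /* CPU0 stores its handle */
    buggy_set_handle(&s);   /* CPU1 overwrites CPU0's handle: leaked */
    return leaked(&s);
}

/* Same two writers, same order, with free+set under one lock scope. */
int run_fixed_interleaving(void)
{
    struct zram_slot_model s;
    reset_model(&s, 1);
    int h0 = fixed_alloc();           /* CPU0 compress + zs_malloc */
    int h1 = fixed_alloc();           /* CPU1 compress + zs_malloc */
    fixed_commit(&s, h0);             /* CPU0 frees the old handle, stores h0 */
    fixed_commit(&s, h1);             /* CPU1 frees h0, stores h1: no leak */
    return leaked(&s);
}

int main(void)
{
    printf("leaked handles, early free: %d\n", run_buggy_interleaving());
    printf("leaked handles, fixed:      %d\n", run_fixed_interleaving());
    return 0;
}
```

The model uses a counting allocator rather than real threads so the leak is visible as an exact number: with the early free, the second writer's store discards the first writer's live handle and one allocation is left unreachable; with free and set under one slot lock scope the loser's handle is released by the winner, whatever the order the writers arrive in.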
..
aoe block-6.16-20250619 2025-06-19 23:29:35 -07:00
drbd drbd: add missing kref_get in handle_write_conflicts 2025-08-20 18:40:55 +02:00
mtip32xx block: mtip32xx: Fix usage of dma_map_sg() 2025-08-15 16:38:22 +02:00
null_blk null_blk: Use strscpy() instead of strscpy_pad() in null_add_dev() 2025-04-11 07:10:46 -06:00
rnbd rnbd-srv: use bio_add_virt_nofail 2025-05-07 07:31:07 -06:00
xen-blkback xen/blkback: convert timeouts to secs_to_jiffies() 2025-01-12 20:21:03 -08:00
zram zram: fix slot write race condition 2025-09-25 11:16:45 +02:00
amiflop.c treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
ataflop.c treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
brd.c brd: fix sleeping function called from invalid context in brd_insert_page() 2025-07-01 08:14:01 -06:00
floppy.c treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
Kconfig Documentation: Document the new zoned loop block device driver 2025-05-01 17:03:56 -06:00
loop.c loop: Avoid updating block size under exclusive owner 2025-08-20 18:40:54 +02:00
Makefile block: new zoned loop block device driver 2025-05-01 17:03:56 -06:00
n64cart.c
nbd.c nbd: fix lockdep deadlock warning 2025-08-15 16:38:22 +02:00
pktcdvd.c block: remove the q argument from blk_rq_map_kern 2025-05-07 07:31:07 -06:00
ps3disk.c ps3disk: Do not use dev->bounce_size before it is set 2025-01-03 11:44:25 -07:00
ps3vram.c
rbd_types.h
rbd.c block: force noio scope in blk_mq_freeze_queue 2025-01-31 07:20:08 -07:00
rnull.rs rust: module: introduce authors key 2025-03-10 15:12:17 +01:00
sunvdc.c sunvdc: Balance device refcount in vdc_port_mpgroup_check 2025-08-20 18:40:47 +02:00
swim_asm.S
swim.c block: remove BLK_MQ_F_SHOULD_MERGE 2024-12-23 08:17:23 -07:00
swim3.c treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
ublk_drv.c ublk: check for unprivileged daemon on each I/O fetch 2025-08-20 18:41:33 +02:00
virtio_blk.c block: remove the q argument from blk_rq_map_kern 2025-05-07 07:31:07 -06:00
xen-blkfront.c block: remove unused parameter 'q' parameter in __blk_rq_map_sg() 2025-03-13 05:46:19 -06:00
z2ram.c block: remove BLK_MQ_F_SHOULD_MERGE 2024-12-23 08:17:23 -07:00
zloop.c zloop: fix KASAN use-after-free of tag set 2025-08-15 16:39:34 +02:00