diff options
| author | Sergey Senozhatsky <[email protected]> | 2025-09-09 04:48:35 +0000 |
|---|---|---|
| committer | Andrew Morton <[email protected]> | 2025-09-16 03:01:45 +0000 |
| commit | ce4be9e4307c5a60701ff6e0cafa74caffdc54ce (patch) | |
| tree | 0379bbb43db4651c4e9d9de7b70725c86dc6b788 /scripts/make_fit.py | |
| parent | nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (diff) | |
| download | kernel-ce4be9e4307c5a60701ff6e0cafa74caffdc54ce.tar.gz kernel-ce4be9e4307c5a60701ff6e0cafa74caffdc54ce.zip | |
zram: fix slot write race condition
Parallel concurrent writes to the same zram index result in leaked
zsmalloc handles. Schematically we can have something like this:
CPU0 CPU1
zram_slot_lock()
zs_free(handle)
zram_slot_lock()
zram_slot_lock()
zs_free(handle)
zram_slot_lock()
compress compress
handle = zs_malloc() handle = zs_malloc()
zram_slot_lock
zram_set_handle(handle)
zram_slot_lock
zram_slot_lock
zram_set_handle(handle)
zram_slot_lock
Either CPU0 or CPU1 zsmalloc handle will leak because zs_free() is done
too early. In fact, we need to reset zram entry right before we set its
new handle, all under the same slot lock scope.
Link: https://lkml.kernel.org/r/[email protected]
Fixes: 71268035f5d7 ("zram: free slot memory early during write")
Signed-off-by: Sergey Senozhatsky <[email protected]>
Reported-by: Changhui Zhong <[email protected]>
Closes: https://lore.kernel.org/all/CAGVVp+UtpGoW5WEdEU7uVTtsSCjPN=ksN6EcvyypAtFDOUf30A@mail.gmail.com/
Tested-by: Changhui Zhong <[email protected]>
Cc: Jens Axboe <[email protected]>
Cc: Minchan Kim <[email protected]>
Cc: <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Diffstat (limited to 'scripts/make_fit.py')
0 files changed, 0 insertions, 0 deletions