Commit 7902a50c authored by Ming Lei's avatar Ming Lei Committed by Zheng Zengkai
Browse files

zram: avoid race between zram_remove and disksize_store 

mainline inclusion
from mainline-v5.16-rc1
commit 5a4b6536
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I674BF
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5a4b653655d554b5f51a5d2252882708c56a6f7e



--------------------------------

After resetting device in zram_remove(), disksize_store still may come and
allocate resources again before deleting gendisk, fix the race by resetting
zram after del_gendisk() returns. At that time, disksize_store can't come
any more.

Reported-by: default avatarLuis Chamberlain <mcgrof@kernel.org>
Reviewed-by: default avatarLuis Chamberlain <mcgrof@kernel.org>
Signed-off-by: default avatarMing Lei <ming.lei@redhat.com>
Acked-by: default avatarMinchan Kim <minchan@kernel.org>
Link: https://lore.kernel.org/r/20211025025426.2815424-4-ming.lei@redhat.com


Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>

Conflicts:
	drivers/block/zram/zram_drv.c

Signed-off-by: default avatarLonglong Xia <xialonglong1@huawei.com>
Reviewed-by: default avatarKefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent 0896ad4c

drivers/block/zram/zram_drv.c

+7 −0
Original line number Diff line number Diff line
@@ -2023,6 +2023,13 @@ static int zram_remove(struct zram *zram) 
	/* del_gendisk drains pending reset_store */

	WARN_ON_ONCE(claimed && zram->claim);



	/*

	 * disksize_store() may be called in between zram_reset_device()

	 * and del_gendisk(), so run the last reset to avoid leaking

	 * anything allocated with disksize_store()

	 */

	zram_reset_device(zram);



	blk_cleanup_queue(zram->disk->queue);

	put_disk(zram->disk);

	kfree(zram);