From: Jiang Liu <liuj97@gmail.com>
To: Minchan Kim <minchan@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Nitin Gupta <ngupta@vflare.org>,
	Jerome Marchand <jmarchan@redhat.com>,
	Yijing Wang <wangyijing@huawei.com>,
	Jiang Liu <jiang.liu@huawei.com>,
	devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 02/10] zram: avoid invalid memory access in zram_exit()
Date: Wed, 05 Jun 2013 23:24:20 +0800
Message-ID: <51AF5824.80706@gmail.com>
In-Reply-To: <20130605060442.GB8732@blaptop>

On Wed 05 Jun 2013 02:04:42 PM CST, Minchan Kim wrote:
> On Wed, Jun 05, 2013 at 12:06:00AM +0800, Jiang Liu wrote:
>> Memory for zram->disk object may have already been freed after returning
>> from destroy_device(zram), then it's unsafe for zram_reset_device(zram)
>> to access zram->disk again.
>>
>> We can't solve this bug by flipping the order of destroy_device(zram)
>> and zram_reset_device(zram), that will cause deadlock issues to the
>> zram sysfs handler.
>
> What kinds of deadlock happen?
> Could you elaborate it more?
>
Hi Minchan,
      I will try my best to explain the situation.
1) If we change the order as:
                zram_reset_device(zram);
                destroy_device(zram);
zram->meta could be rebuilt by disksize_store() just between
zram_reset_device(zram) and destroy_device(zram) because all sysfs
entries are still available, which then causes a memory leak.

2) If we change the code as:
        down_write(&zram->init_lock);
        __zram_reset_device(zram);
        destroy_device(zram);
        up_write(&zram->init_lock);
Then it will cause a typical deadlock as:
Thread1:
1) acquire init_lock
2) destroy_device(zram);
2.a) sysfs_remove_group()
2.b) wait for all sysfs files to be closed and released.

Thread2:
1) echo xxm > disksize
2) open sysfs file and call disksize_store()
3) disksize_store() tries to acquire zram->init_lock

Then deadlock.

Regards!
Gerry
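
The two failure modes described in the message above, as a small user-space model. This is an added example, not code from the thread or from the zram driver; the resource and thread names, the wait-for walk and the meta counter are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

enum { INIT_LOCK, SYSFS_ACTIVE, NRES };  /* modelled resources (assumed names) */
enum { T_EXIT, T_STORE, NTHR };          /* zram_exit() vs. disksize_store() */

struct model {
    int holder[NRES];  /* thread holding the resource, -1 if free */
    int waits[NTHR];   /* resource a thread is blocked on, -1 if running */
};

/* Walk "blocked on resource -> its holder" edges; returning to t is a cycle. */
static bool deadlocked(const struct model *m, int t)
{
    int cur = t;
    for (int hops = 0; hops < NTHR; hops++) {
        int res = m->waits[cur];
        if (res < 0 || m->holder[res] < 0)
            return false;          /* someone in the chain can still run */
        cur = m->holder[res];
        if (cur == t)
            return true;
    }
    return false;
}

/* Case 2: does destroy_device() deadlock against a sysfs writer? */
static bool teardown_deadlocks(bool hold_init_lock)
{
    struct model m = { { -1, -1 }, { -1, -1 } };
    m.holder[SYSFS_ACTIVE] = T_STORE;  /* writer is inside disksize_store() */
    m.waits[T_STORE] = INIT_LOCK;      /* ...and wants zram->init_lock */
    if (hold_init_lock)
        m.holder[INIT_LOCK] = T_EXIT;  /* down_write() before destroy_device() */
    m.waits[T_EXIT] = SYSFS_ACTIVE;    /* sysfs_remove_group() waits for writer */
    return deadlocked(&m, T_EXIT);
}

/* Case 1: reset first, sysfs still present; returns meta objects never freed. */
static int leaked_meta(bool store_in_gap)
{
    int live_meta = 1;                 /* device was initialised */
    live_meta--;                       /* zram_reset_device() frees meta */
    if (store_in_gap)
        live_meta++;                   /* disksize_store() rebuilds zram->meta */
    return live_meta;                  /* destroy_device() does not free it */
}

int main(void)
{
    printf("locked teardown deadlocks: %d\n", teardown_deadlocks(true));
    printf("leak when store hits the gap: %d\n", leaked_meta(true));
    return 0;
}
```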
