From: Ming Lei ming.lei@redhat.com
mainline inclusion
from mainline-v5.16-rc1
commit 5a4b653655d554b5f51a5d2252882708c56a6f7e
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I674BF
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
After resetting device in zram_remove(), disksize_store still may come and allocate resources again before deleting gendisk. Fix the race by resetting zram after del_gendisk() returns. At that time, disksize_store can't come any more.
Reported-by: Luis Chamberlain mcgrof@kernel.org
Reviewed-by: Luis Chamberlain mcgrof@kernel.org
Signed-off-by: Ming Lei ming.lei@redhat.com
Acked-by: Minchan Kim minchan@kernel.org
Link: https://lore.kernel.org/r/20211025025426.2815424-4-ming.lei@redhat.com
Signed-off-by: Jens Axboe axboe@kernel.dk
Conflicts: drivers/block/zram/zram_drv.c
Signed-off-by: Longlong Xia xialonglong1@huawei.com
Reviewed-by: Kefeng Wang wangkefeng.wang@huawei.com
Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com
---
 drivers/block/zram/zram_drv.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index 4916c02d4f8f..40df7f994b89 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -2023,6 +2023,13 @@ static int zram_remove(struct zram *zram) /* del_gendisk drains pending reset_store */ WARN_ON_ONCE(claimed && zram->claim);
+ /* + * disksize_store() may be called in between zram_reset_device() + * and del_gendisk(), so run the last reset to avoid leaking + * anything allocated with disksize_store() + */ + zram_reset_device(zram); + blk_cleanup_queue(zram->disk->queue); put_disk(zram->disk); kfree(zram);
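Review bot: the added zram_reset_device(zram) sits between WARN_ON_ONCE(claimed && zram->claim) and blk_cleanup_queue(zram->disk->queue), but the hunk context never shows the del_gendisk() call that the commit message says this reset must follow, and the "Conflicts:" line names zram_drv.c without saying what was adapted. Please describe in the backport message how the conflict was resolved and confirm that del_gendisk() has already returned at this point in this tree; the context comment "del_gendisk drains pending reset_store" suggests it has, but that cannot be verified from these lines alone. The new comment would also be clearer if it said outright that this final reset runs after del_gendisk() returns, because "run the last reset" by itself does not explain why no further disksize_store() can arrive and allocate again afterwards.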