[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20231107073911.GB11577@google.com>
Date: Tue, 7 Nov 2023 16:39:11 +0900
From: Sergey Senozhatsky <senozhatsky@...omium.org>
To: Minchan Kim <minchan@...nel.org>
Cc: Sergey Senozhatsky <senozhatsky@...omium.org>,
linux-kernel@...r.kernel.org, linux-block@...r.kernel.org,
zhouxianrong <zhouxianrong@...wei.com>,
Vasily Averin <vasily.averin@...ux.dev>
Subject: Re: [PATCH] zram: unsafe zram_get_element call in zram_read_page()
On (23/11/06 22:54), Vasily Averin wrote:
> @@ -1362,14 +1362,14 @@ static int zram_read_page(struct zram *zram, struct page *page, u32 index,
> ret = zram_read_from_zspool(zram, page, index);
> zram_slot_unlock(zram, index);
> } else {
> + unsigned long entry = zram_get_element(zram, index);
> /*
> * The slot should be unlocked before reading from the backing
> * device.
> */
> zram_slot_unlock(zram, index);
>
> - ret = read_from_bdev(zram, page, zram_get_element(zram, index),
> - parent);
> + ret = read_from_bdev(zram, page, entry, parent);
Hmmm,
We may want to do more here. Basically, we probably need to re-confirm
after read_from_bdev() that the entry at index still has ZRAM_WB set
and, if so, that it points to the same blk_idx. IOW, check that it has
not been free-ed and re-used under us.
Minchan, what do you think? Is that scenario possible?
Powered by blists - more mailing lists