From: Jiang Liu Date: Thu, 6 Jun 2013 16:07:22 +0000 (+0800) Subject: zram: avoid invalid memory access in zram_exit() X-Git-Tag: firefly_0821_release~176^2~5845^2~230 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=6030ea9b35971a4200062f010341ab832e878ac9;p=firefly-linux-kernel-4.4.55.git zram: avoid invalid memory access in zram_exit() Memory for zram->disk object may have already been freed after returning from destroy_device(zram), then it's unsafe for zram_reset_device(zram) to access zram->disk again. We can't solve this bug by flipping the order of destroy_device(zram) and zram_reset_device(zram), that will cause deadlock issues to the zram sysfs handler. So fix it by holding an extra reference to zram->disk before calling destroy_device(zram). Signed-off-by: Jiang Liu Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c index d628bd30113c..9057520c0e40 100644 --- a/drivers/staging/zram/zram_drv.c +++ b/drivers/staging/zram/zram_drv.c @@ -727,8 +727,10 @@ static void __exit zram_exit(void) for (i = 0; i < num_devices; i++) { zram = &zram_devices[i]; + get_disk(zram->disk); destroy_device(zram); zram_reset_device(zram); + put_disk(zram->disk); } unregister_blkdev(zram_major, "zram");