Commit 16741735 authored by Charan Teja Reddy, committed by Gerrit - the friendly Code Review server

zram: fix race condition while returning zram_entry refcount



With deduplication enabled, the duplicated zram objects are tracked
using the zram_entry backed by a refcount. The race condition while
decrementing the refcount through zram_dedup_put() is as follows:
Say Task A and task B share the same object and thus the
zram_entry->refcount = 2.
Task A                              Task B

zram_dedup_put                      zram_dedup_put
                                    spin_lock(&hash->lock);
                                    entry->refcount--; (Now it is 1)
                                    spin_unlock(&hash->lock);
spin_lock(&hash->lock);
entry->refcount--; (Now it is 0)
spin_unlock(&hash->lock);

return entry->refcount              return entry->refcount

We return 0 in the above steps, thus leading to a double free of the handle,
which is a slab object.

Change-Id: I8dd9bad27140a6e3a295905bf4411050d8eac931
Signed-off-by: Charan Teja Reddy <charante@codeaurora.org>
parent c5247c2b
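
The schedule from the commit message, replayed deterministically in user space as an added example (not the kernel code and not the patch itself, whose diff is not shown on this page). Assumptions: `struct entry`, `put_locked()` and `frees_after_replay()` are hypothetical names, a pthread mutex stands in for `hash->lock`, and the non-racy variant (returning the count observed while the lock is held) is one way to close the window, not necessarily what this commit does.

```c
/* Constructed user-space model of the interleaving described above. */
#include <pthread.h>
#include <stdio.h>

struct entry {                 /* stand-in for struct zram_entry */
    pthread_mutex_t lock;      /* stand-in for hash->lock */
    int refcount;
};

/* Drop one reference under the lock and return the count as it was
 * observed while the lock was still held. */
static int put_locked(struct entry *e)
{
    int remaining;

    pthread_mutex_lock(&e->lock);
    remaining = --e->refcount;
    pthread_mutex_unlock(&e->lock);
    return remaining;
}

/* Replay the schedule: Task B decrements, Task A decrements, then both
 * tasks compute their return value.
 *   racy = 1: each task re-reads e.refcount after unlocking (the bug).
 *   racy = 0: each task returns the snapshot it took under the lock.
 * Returns how many tasks see 0 and would therefore free the handle. */
static int frees_after_replay(int racy)
{
    struct entry e = { PTHREAD_MUTEX_INITIALIZER, 2 };  /* shared by A and B */
    int b_seen = put_locked(&e);                /* Task B: 2 -> 1 */
    int a_seen = put_locked(&e);                /* Task A: 1 -> 0 */
    int a_ret = racy ? e.refcount : a_seen;     /* unlocked read vs snapshot */
    int b_ret = racy ? e.refcount : b_seen;

    return (a_ret == 0) + (b_ret == 0);
}

int main(void)
{
    printf("unlocked re-read: %d task(s) free the handle\n",
           frees_after_replay(1));
    printf("locked snapshot:  %d task(s) free the handle\n",
           frees_after_replay(0));
    return 0;
}
```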