From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Andrey Ryabinin <aryabinin@virtuozzo.com>,
Dmitry Vyukov <dvyukov@google.com>,
Konstantin Khlebnikov <koct9i@gmail.com>,
Matthew Wilcox <willy@linux.intel.com>,
Hugh Dickins <hughd@google.com>,
Ross Zwisler <ross.zwisler@linux.intel.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.4 027/114] radix-tree: fix radix_tree_iter_retry() for tagged iterators.
Date: Thu, 8 Nov 2018 13:50:42 -0800 [thread overview]
Message-ID: <20181108215101.574865326@linuxfoundation.org> (raw)
In-Reply-To: <20181108215059.051093652@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
[ Upstream commit 3cb9185c67304b2a7ea9be73e7d13df6fb2793a1 ]
radix_tree_iter_retry() resets slot to NULL, but it doesn't reset tags.
Then NULL slot and non-zero iter.tags passed to radix_tree_next_slot()
leading to crash:
RIP: radix_tree_next_slot include/linux/radix-tree.h:473
find_get_pages_tag+0x334/0x930 mm/filemap.c:1452
....
Call Trace:
pagevec_lookup_tag+0x3a/0x80 mm/swap.c:960
mpage_prepare_extent_to_map+0x321/0xa90 fs/ext4/inode.c:2516
ext4_writepages+0x10be/0x2b20 fs/ext4/inode.c:2736
do_writepages+0x97/0x100 mm/page-writeback.c:2364
__filemap_fdatawrite_range+0x248/0x2e0 mm/filemap.c:300
filemap_write_and_wait_range+0x121/0x1b0 mm/filemap.c:490
ext4_sync_file+0x34d/0xdb0 fs/ext4/fsync.c:115
vfs_fsync_range+0x10a/0x250 fs/sync.c:195
vfs_fsync fs/sync.c:209
do_fsync+0x42/0x70 fs/sync.c:219
SYSC_fdatasync fs/sync.c:232
SyS_fdatasync+0x19/0x20 fs/sync.c:230
entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207
We must reset iterator's tags to bail out from radix_tree_next_slot()
and go to the slow-path in radix_tree_next_chunk().
Fixes: 46437f9a554f ("radix-tree: fix race in gang lookup")
Link: http://lkml.kernel.org/r/1468495196-10604-1-git-send-email-aryabinin@virtuozzo.com
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Acked-by: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Matthew Wilcox <willy@linux.intel.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Ross Zwisler <ross.zwisler@linux.intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/radix-tree.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/linux/radix-tree.h b/include/linux/radix-tree.h
index 5d5174b59802..673dee29a9b9 100644
--- a/include/linux/radix-tree.h
+++ b/include/linux/radix-tree.h
@@ -382,6 +382,7 @@ static inline __must_check
void **radix_tree_iter_retry(struct radix_tree_iter *iter)
{
iter->next_index = iter->index;
+ iter->tags = 0;
return NULL;
}
--
2.17.1
next prev parent reply other threads:[~2018-11-08 21:59 UTC|newest]
Thread overview: 130+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-08 21:50 [PATCH 4.4 000/114] 4.4.163-stable review Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 001/114] xfrm: Validate address prefix lengths in the xfrm selector Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 002/114] xfrm6: call kfree_skb when skb is toobig Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 003/114] mac80211: Always report TX status Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 004/114] cfg80211: reg: Init wiphy_idx in regulatory_hint_core() Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 005/114] ARM: 8799/1: mm: fix pci_ioremap_io() offset check Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 006/114] xfrm: validate template mode Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 007/114] mac80211_hwsim: do not omit multicast announce of first added radio Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 008/114] Bluetooth: SMP: fix crash in unpairing Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 009/114] pxa168fb: prepare the clock Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 010/114] asix: Check for supported Wake-on-LAN modes Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 011/114] ax88179_178a: " Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 012/114] lan78xx: " Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 013/114] sr9800: " Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 014/114] r8152: Check for supported Wake-on-LAN Modes Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 015/114] smsc75xx: Check for Wake-on-LAN modes Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 016/114] smsc95xx: " Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 017/114] perf/ring_buffer: Prevent concurent ring buffer access Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 018/114] net: cxgb3_main: fix a missing-check bug Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 019/114] KEYS: put keyring if install_session_keyring_to_cred() fails Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 020/114] ipv6: suppress sparse warnings in IP6_ECN_set_ce() Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 021/114] net: drop write-only stack variable Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 022/114] ser_gigaset: use container_of() instead of detour Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 023/114] tracing: Skip more functions when doing stack tracing of events Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 024/114] ARM: dts: apq8064: add ahci ports-implemented mask Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 025/114] x86/mm/pat: Prevent hang during boot when mapping pages Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 026/114] btrfs: cleaner_kthread() doesnt need explicit freeze Greg Kroah-Hartman
2018-11-08 23:28 ` David Sterba
2018-11-09 0:04 ` Sasha Levin
2018-11-09 0:22 ` Greg Kroah-Hartman
2018-11-08 21:50 ` Greg Kroah-Hartman [this message]
2018-11-08 21:50 ` [PATCH 4.4 028/114] af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 029/114] net/mlx4_en: Resolve dividing by zero in 32-bit system Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 030/114] ipv6: orphan skbs in reassembly unit Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 031/114] um: Avoid longjmp/setjmp symbol clashes with libpthread.a Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 032/114] sched/cgroup: Fix cgroup entity load tracking tear-down Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 033/114] btrfs: dont create or leak aliased root while cleaning up orphans Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 034/114] thermal: allow spear-thermal driver to be a module Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 035/114] thermal: allow u8500-thermal " Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 036/114] tpm: fix: return rc when devm_add_action() fails Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 037/114] x86/PCI: Mark Broadwell-EP Home Agent 1 as having non-compliant BARs Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 038/114] aacraid: Start adapter after updating number of MSIX vectors Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 039/114] perf/core: Dont leak event in the syscall error path Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 040/114] [media] usbvision: revert commit 588afcc1 Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 041/114] MIPS: Fix FCSR Cause bit handling for correct SIGFPE issue Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 042/114] ASoC: ak4613: Enable cache usage to fix crashes on resume Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 043/114] ASoC: wm8940: " Greg Kroah-Hartman
2018-11-08 21:50 ` [PATCH 4.4 044/114] CIFS: handle guest access errors to Windows shares Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 045/114] arm64: Fix potential race with hardware DBM in ptep_set_access_flags() Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 046/114] xfrm: Clear sk_dst_cache when applying per-socket policy Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 047/114] scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 048/114] sparc/pci: Refactor dev_archdata initialization into pci_init_dev_archdata Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 049/114] sch_red: update backlog as well Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 050/114] usb-storage: fix bogus hardware error messages for ATA pass-thru devices Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 051/114] bpf: generally move prog destruction to RCU deferral Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 052/114] drm/nouveau/fbcon: fix oops without fbdev emulation Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 053/114] fuse: Dont call set_page_dirty_lock() for ITER_BVEC pages for async_dio Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 054/114] ixgbevf: Fix handling of NAPI budget when multiple queues are enabled per vector Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 055/114] net/mlx5e: Fix LRO modify Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 056/114] net/mlx5e: Correctly handle RSS indirection table when changing number of channels Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 057/114] ixgbe: fix RSS limit for X550 Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 058/114] ixgbe: Correct X550EM_x revision check Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 059/114] ALSA: timer: Fix zero-division by continue of uninitialized instance Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 060/114] vti6: flush x-netns xfrm cache when vti interface is removed Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 061/114] gro: Allow tunnel stacking in the case of FOU/GUE Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 062/114] brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 063/114] l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv() Greg Kroah-Hartman
2018-11-09 15:33 ` Guillaume Nault
2018-11-09 16:28 ` Greg Kroah-Hartman
2018-11-09 16:30 ` Guillaume Nault
2018-11-08 21:51 ` [PATCH 4.4 064/114] tty: serial: sprd: fix error return code in sprd_probe() Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 065/114] video: fbdev: pxa3xx_gcu: fix error return code in pxa3xx_gcu_probe() Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 066/114] sparc64 mm: Fix more TSB sizing issues Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 067/114] gpu: host1x: fix error return code in host1x_probe() Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 068/114] sparc64: Fix exception handling in UltraSPARC-III memcpy Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 069/114] gpio: msic: fix error return code in platform_msic_gpio_probe() Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 070/114] usb: imx21-hcd: fix error return code in imx21_probe() Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 071/114] usb: ehci-omap: fix error return code in ehci_hcd_omap_probe() Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 072/114] usb: dwc3: omap: fix error return code in dwc3_omap_probe() Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 073/114] spi/bcm63xx-hspi: fix error return code in bcm63xx_hsspi_probe() Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 074/114] MIPS: Handle non word sized instructions when examining frame Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 075/114] spi/bcm63xx: fix error return code in bcm63xx_spi_probe() Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 076/114] spi: xlp: fix error return code in xlp_spi_probe() Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 077/114] ASoC: spear: fix error return code in spdif_in_probe() Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 078/114] PM / devfreq: tegra: fix error return code in tegra_devfreq_probe() Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 079/114] bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 080/114] scsi: aacraid: Fix typo in blink status Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 081/114] MIPS: microMIPS: Fix decoding of swsp16 instruction Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 082/114] igb: Remove superfluous reset to PHY and page 0 selection Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 083/114] MIPS: DEC: Fix an int-handler.S CPU_DADDI_WORKAROUNDS regression Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 084/114] ARM: dts: imx53-qsb: disable 1.2GHz OPP Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 085/114] fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters() Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 086/114] mtd: spi-nor: Add support for is25wp series chips Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 087/114] perf tools: Disable parallelism for make clean Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 088/114] bridge: do not add port to router list when receives query with source 0.0.0.0 Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 089/114] net: bridge: remove ipv6 zero address check in mcast queries Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 090/114] ipv6: mcast: fix a use-after-free in inet6_mc_check Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 091/114] ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 092/114] net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 093/114] net: sched: gred: pass the right attribute to gred_change_table_def() Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 094/114] net: socket: fix a missing-check bug Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 095/114] net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 096/114] r8169: fix NAPI handling under high load Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 097/114] sctp: fix race on sctp_id2asoc Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 098/114] net: drop skb on failure in ip_check_defrag() Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 099/114] vhost: Fix Spectre V1 vulnerability Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 100/114] rtnetlink: Disallow FDB configuration for non-Ethernet device Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 101/114] mremap: properly flush TLB before releasing the page Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 102/114] crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 103/114] ahci: dont ignore result code of ahci_reset_controller() Greg Kroah-Hartman
2018-11-08 21:51 ` [PATCH 4.4 104/114] cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) Greg Kroah-Hartman
2018-11-08 21:52 ` [PATCH 4.4 105/114] ptp: fix Spectre v1 vulnerability Greg Kroah-Hartman
2018-11-08 21:52 ` [PATCH 4.4 106/114] RDMA/ucma: Fix " Greg Kroah-Hartman
2018-11-08 21:52 ` [PATCH 4.4 107/114] IB/ucm: " Greg Kroah-Hartman
2018-11-08 21:52 ` [PATCH 4.4 108/114] cdc-acm: correct counting of UART states in serial state notification Greg Kroah-Hartman
2018-11-08 21:52 ` [PATCH 4.4 109/114] usb: gadget: storage: Fix Spectre v1 vulnerability Greg Kroah-Hartman
2018-11-08 21:52 ` [PATCH 4.4 110/114] USB: fix the usbfs flag sanitization for control transfers Greg Kroah-Hartman
2018-11-08 21:52 ` [PATCH 4.4 111/114] Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM Greg Kroah-Hartman
2018-11-08 21:52 ` [PATCH 4.4 112/114] sched/fair: Fix throttle_list starvation with low CFS quota Greg Kroah-Hartman
2018-11-08 21:52 ` [PATCH 4.4 113/114] x86/percpu: Fix this_cpu_read() Greg Kroah-Hartman
2018-11-08 21:52 ` [PATCH 4.4 114/114] x86/time: Correct the attribute on jiffies definition Greg Kroah-Hartman
2018-11-09 13:50 ` [PATCH 4.4 000/114] 4.4.163-stable review Guenter Roeck
2018-11-09 14:14 ` Guenter Roeck
2018-11-09 16:15 ` Greg Kroah-Hartman
2018-11-09 16:15 ` Greg Kroah-Hartman
2018-11-09 14:46 ` Greg Kroah-Hartman
2018-11-09 19:44 ` Shuah Khan
2018-11-09 21:30 ` Guenter Roeck
2018-11-10 15:22 ` Greg Kroah-Hartman
2018-11-09 21:55 ` Dan Rue
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181108215101.574865326@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=aryabinin@virtuozzo.com \
--cc=dvyukov@google.com \
--cc=hughd@google.com \
--cc=koct9i@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=ross.zwisler@linux.intel.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=willy@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.