From: Tejun Heo <tj@kernel.org>
To: Stefan Lippers-Hollmann <s.L-H@gmx.de>
Cc: Greg KH <gregkh@suse.de>,
	linux-kernel@vger.kernel.org, Eric Paris <eparis@redhat.com>,
	akpm@linux-foundation.org, torvalds@linux-foundation.org,
	stable@kernel.org
Subject: Re: patch idr-fix-a-critical-misallocation-bug.patch added to 2.6.32-stable tree
Date: Thu, 04 Feb 2010 12:56:38 +0900
Message-ID: <4B6A4576.5050401@kernel.org>
In-Reply-To: <201002040446.05068.s.L-H@gmx.de>

On 02/04/2010 12:46 PM, Stefan Lippers-Hollmann wrote:
> Hi
> 
> [ Sorry for not reporting this earlier today, while 
>   idr-fix-a-critical-misallocation-bug was still part of queue-2.6.32, but 
>   bisecting this (and previously net-restore-ip-source-validation.patch) 
>   took its time. ]
> 
> On Thursday 04 February 2010, Greg KH wrote:
>> On Wed, Feb 03, 2010 at 08:21:39AM -0500, Eric Paris wrote:
>>> On Wed, 2010-02-03 at 14:21 +0900, Tejun Heo wrote:
>>>
>>>>> Eric Paris located a bug in idr.  With IDR_BITS of 6, it grows to three
>>>>> layers when id 4096 is first allocated.  When that happens, idr wraps
>>>>> incorrectly and searches the idr array ignoring the high bits.  The
>>>>> following test code from Eric demonstrates the bug nicely.
>>>> ...
>>>>> Based-on-patch-from: Eric Paris <eparis@redhat.com>
>>>>> Reported-by: Eric Paris <eparis@redhat.com>
>>>>> Signed-off-by: Tejun Heo <tj@kernel.org>
>>>>> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
>>>>> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
>>>>> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
>>>>
>>>> Greg, can this wait a bit more, maybe until the next -stable release?
>>>> The code there is very fragile and this has been broken forever so I
>>>> think it would be better if we wait a bit more while it gets testing
>>>> mainline.
> 
> Just as a side note, this patch as part of the 2.6.32 stable queue (before 
> this patch was removed again) seems to break logging into KDE 4.3.4 through
> kdm on several different systems with Intel chipsets/ graphics (kvm 
> active). X and kdm start normally, logging in shows the ksplash, which 
> quickly terminates the xsession and dumps back to kdm. Removing just this 
> patch from 2.6.32 + (previous) stable queue fixes the problem for me; 
> however 2.6.33-rc6-git3 seems to be affected as well, but freezes X, 
> instead of "just" terminating the current X session and reverting to kdm.
> 
> While I have reports from several different intel chipsets, I can 
> personally reproduce it on an Intel D945GCLF2 mainboard:

Does this patch make any difference?

diff --git a/lib/idr.c b/lib/idr.c
index ba7d37c..a96c604 100644
--- a/lib/idr.c
+++ b/lib/idr.c
@@ -140,7 +140,8 @@ static int sub_alloc(struct idr *idp, int *starting_id, struct idr_layer **pa)
 	id = *starting_id;
  restart:
 	p = idp->top;
-	l = p->layer;
+	l = idp->layers;
+	pa[l--] = NULL;
 	while (1) {
 		/*
 		 * We run around this while until we reach the leaf node...
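
Review bot: the added pa[l--] = NULL; stores to index idp->layers of the caller-supplied pa array, and nothing visible in this hunk shows that pa has at least idp->layers + 1 slots; please state the required array size in a comment on sub_alloc() or verify it at the call sites. The store and the post-decrement would also read more clearly as two statements (pa[l] = NULL; then l--;), with a one-line comment explaining why that slot must be cleared on every pass through restart: and why l now starts from idp->layers rather than p->layer.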


-- 
tejun
