From: Tejun Heo <tj@kernel.org>
To: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: linux-next@vger.kernel.org,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCHv2] idr: always do slow path when hint is uninitialized
Date: Wed, 20 Feb 2013 09:32:56 -0800 [thread overview]
Message-ID: <20130220173256.GC3570@htj.dyndns.org> (raw)
In-Reply-To: <1361381015-446-1-git-send-email-andriy.shevchenko@linux.intel.com>
Hello,
On Wed, Feb 20, 2013 at 07:23:35PM +0200, Andy Shevchenko wrote:
> The guilty commit is cc5b5f6 "events: convert to idr_alloc()" together with
> f49318a "idr: implement lookup hint". In our case the idr_alloc is never
> called, but idr_find is. The hint field is never initialized and therefore
> should not be dereferenced.
>
> Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
> Reported-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
> ---
> include/linux/idr.h | 2 +-
> lib/idr.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/idr.h b/include/linux/idr.h
> index aed2a0c..a6f38b5 100644
> --- a/include/linux/idr.h
> +++ b/include/linux/idr.h
> @@ -113,7 +113,7 @@ static inline void *idr_find(struct idr *idr, int id)
> {
> struct idr_layer *hint = rcu_dereference_raw(idr->hint);
>
> - if ((id & ~IDR_MASK) == hint->prefix)
> + if (hint && (id & ~IDR_MASK) == hint->prefix)
> return rcu_dereference_raw(hint->ary[id & IDR_MASK]);
I was thinking more along the line of creating a shared empty layer w/
bogus prefix and then updating free_layer to fallback to it so that we
can avoid the extra if but, yeah, let's do that later. We're already
in merge window.
Acked-by: Tejun Heo <tj@kernel.org>
Thanks!
--
tejun
prev parent reply other threads:[~2013-02-20 17:33 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-20 17:23 [PATCHv2] idr: always do slow path when hint is uninitialized Andy Shevchenko
2013-02-20 17:32 ` Tejun Heo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130220173256.GC3570@htj.dyndns.org \
--to=tj@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-next@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox