[PATCH 5.4 59/90] XArray: Fix xas_pause at ULONG_MAX

From: Greg Kroah-Hartman
Date: Mon Feb 03 2020 - 11:40:14 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.4 71/90] scsi: fnic: do not queue commands during fwreset"
Previous message: Greg Kroah-Hartman: "[PATCH 5.4 79/90] r8152: avoid the MCU to clear the lanwake"
In reply to: Greg Kroah-Hartman: "[PATCH 5.4 79/90] r8152: avoid the MCU to clear the lanwake"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.4 71/90] scsi: fnic: do not queue commands during fwreset"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Matthew Wilcox (Oracle) <willy@xxxxxxxxxxxxx>

[ Upstream commit 82a22311b7a68a78709699dc8c098953b70e4fd2 ]

If we were unlucky enough to call xas_pause() when the index was at
ULONG_MAX (or a multi-slot entry which ends at ULONG_MAX), we would
wrap the index back around to 0 and restart the iteration from the
beginning. Use the XAS_BOUNDS state to indicate that we should just
stop the iteration.

Signed-off-by: Matthew Wilcox (Oracle) <willy@xxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
lib/test_xarray.c | 22 ++++++++++++++++++++++
lib/xarray.c | 8 +++++---
2 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/lib/test_xarray.c b/lib/test_xarray.c
index 03c3f42966cec..55c14e8c88591 100644
--- a/lib/test_xarray.c
+++ b/lib/test_xarray.c
@@ -1160,6 +1160,27 @@ static noinline void check_move_tiny(struct xarray *xa)
XA_BUG_ON(xa, !xa_empty(xa));
}

+static noinline void check_move_max(struct xarray *xa)
+{
+ XA_STATE(xas, xa, 0);
+
+ xa_store_index(xa, ULONG_MAX, GFP_KERNEL);
+ rcu_read_lock();
+ XA_BUG_ON(xa, xas_find(&xas, ULONG_MAX) != xa_mk_index(ULONG_MAX));
+ XA_BUG_ON(xa, xas_find(&xas, ULONG_MAX) != NULL);
+ rcu_read_unlock();
+
+ xas_set(&xas, 0);
+ rcu_read_lock();
+ XA_BUG_ON(xa, xas_find(&xas, ULONG_MAX) != xa_mk_index(ULONG_MAX));
+ xas_pause(&xas);
+ XA_BUG_ON(xa, xas_find(&xas, ULONG_MAX) != NULL);
+ rcu_read_unlock();
+
+ xa_erase_index(xa, ULONG_MAX);
+ XA_BUG_ON(xa, !xa_empty(xa));
+}
+
static noinline void check_move_small(struct xarray *xa, unsigned long idx)
{
XA_STATE(xas, xa, 0);
@@ -1268,6 +1289,7 @@ static noinline void check_move(struct xarray *xa)
xa_destroy(xa);

check_move_tiny(xa);
+ check_move_max(xa);

for (i = 0; i < 16; i++)
check_move_small(xa, 1UL << i);
diff --git a/lib/xarray.c b/lib/xarray.c
index 47e17d46e5f85..1d9fab7db8dad 100644
--- a/lib/xarray.c
+++ b/lib/xarray.c
@@ -968,6 +968,7 @@ void xas_pause(struct xa_state *xas)
if (xas_invalid(xas))
return;

+ xas->xa_node = XAS_RESTART;
if (node) {
unsigned int offset = xas->xa_offset;
while (++offset < XA_CHUNK_SIZE) {
@@ -975,10 +976,11 @@ void xas_pause(struct xa_state *xas)
break;
}
xas->xa_index += (offset - xas->xa_offset) << node->shift;
+ if (xas->xa_index == 0)
+ xas->xa_node = XAS_BOUNDS;
} else {
xas->xa_index++;
}
- xas->xa_node = XAS_RESTART;
}
EXPORT_SYMBOL_GPL(xas_pause);

@@ -1080,7 +1082,7 @@ void *xas_find(struct xa_state *xas, unsigned long max)
{
void *entry;

- if (xas_error(xas))
+ if (xas_error(xas) || xas->xa_node == XAS_BOUNDS)
return NULL;
if (xas->xa_index > max)
return set_bounds(xas);
@@ -1088,7 +1090,7 @@ void *xas_find(struct xa_state *xas, unsigned long max)
if (!xas->xa_node) {
xas->xa_index = 1;
return set_bounds(xas);
- } else if (xas_top(xas->xa_node)) {
+ } else if (xas->xa_node == XAS_RESTART) {
entry = xas_load(xas);
if (entry || xas_not_node(xas->xa_node))
return entry;
--
2.20.1

Next message: Greg Kroah-Hartman: "[PATCH 5.4 71/90] scsi: fnic: do not queue commands during fwreset"
Previous message: Greg Kroah-Hartman: "[PATCH 5.4 79/90] r8152: avoid the MCU to clear the lanwake"
In reply to: Greg Kroah-Hartman: "[PATCH 5.4 79/90] r8152: avoid the MCU to clear the lanwake"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.4 71/90] scsi: fnic: do not queue commands during fwreset"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]