Re: [PATCH v3 1/2] lib/idr: fix infinite loop in idr_get_next()

From: Andrew Morton

Date: Thu Mar 12 2026 - 16:57:07 EST


On Thu, 12 Mar 2026 18:19:47 +0000 Josh Law <hlcj1234567@xxxxxxxxx> wrote:

> In idr_get_next(), if the returned id from idr_get_next_ul() is greater
> than INT_MAX, the function issues a warning and returns NULL without
> updating the *nextid pointer. This causes a soft lockup for any caller
> iterating over an IDR (e.g. via idr_for_each_entry) because they will
> receive NULL, fail to advance their index, and repeatedly query the same
> state forever.

This assumes that the idr_get_next() caller ignores the NULL return and
just keeps on looping. Isn't that a caller bug and if so, do we need
to defend against it here?
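
A userspace C model of the two caller behaviours discussed in this thread, added here as an example (it is not kernel code and not taken from the patch). `model_get_next()` imitates the behaviour the commit message describes; all names and the table contents are constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model, not kernel code: a sorted table of constructed ids stands in for the IDR. */
struct entry { unsigned long id; const char *val; };
static const struct entry table[] = { {3, "a"}, {7, "b"}, {(unsigned long)INT_MAX + 5, "c"} };

/* Models the commit message: next populated id above INT_MAX gives NULL, *nextid unchanged. */
static const char *model_get_next(int *nextid)
{
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++) {
        if (table[i].id < (unsigned long)*nextid)
            continue;
        if (table[i].id > (unsigned long)INT_MAX)
            return NULL;                 /* *nextid is not advanced */
        *nextid = (int)table[i].id;
        return table[i].val;
    }
    return NULL;                         /* nothing at or above *nextid */
}

/* Caller that treats NULL as end of iteration; returns entries visited. */
static int walk_stop_on_null(void)
{
    int id, seen = 0;
    for (id = 0; model_get_next(&id) != NULL; id++)
        seen++;
    return seen;
}

/* Caller that ignores NULL and retries with the same id; returns NULL results in `budget` calls. */
static int walk_retry_on_null(int budget)
{
    int id = 0, stuck = 0;
    for (int calls = 0; calls < budget; calls++) {
        if (model_get_next(&id) != NULL)
            id++;                        /* progress only after a hit */
        else
            stuck++;                     /* same id is queried again */
    }
    return stuck;
}

int main(void)
{
    printf("visited=%d stuck=%d\n", walk_stop_on_null(), walk_retry_on_null(1000));
    return 0;
}
```

The `budget` parameter exists only to keep the retrying caller finite in the model; without it that loop would not end.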