[PATCH 1/4] idr: proper invalid argument handling

From: Lai Jiangshan
Date: Tue Apr 22 2014 - 06:16:47 EST


When the arguments passed by the caller are invalid, WARN_ON_ONCE()
is more appropriate than BUG_ON(), which may crash the kernel.

ida_remove()/idr_remove() add checks for "id < 0".
BUG_ON() in ida_simple_remove() is simply removed, due to
ida_remove() already checks for "id < 0".

In idr_alloc(), it still returns -ENOSPC when "start == end",
but it returns -EINVAL when "max < start" while old code returns
-ENOSPC. -EINVAL is proper here, the caller must passed wrong
arguments.

ida_simple_get()'s argument-checks are changed as the same as
idr_alloc().

Signed-off-by: Lai Jiangshan <laijs@xxxxxxxxxxxxxx>
---
lib/idr.c | 25 +++++++++++++------------
1 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/lib/idr.c b/lib/idr.c
index 96bb252..87c98fc 100644
--- a/lib/idr.c
+++ b/lib/idr.c
@@ -457,8 +457,10 @@ int idr_alloc(struct idr *idr, void *ptr, int start, int end, gfp_t gfp_mask)
/* sanity checks */
if (WARN_ON_ONCE(start < 0))
return -EINVAL;
- if (unlikely(max < start))
+ if (unlikely(end > 0 && start == end))
return -ENOSPC;
+ if (WARN_ON_ONCE(max < start))
+ return -EINVAL;

/* allocate id */
id = idr_get_empty_slot(idr, start, pa, gfp_mask, NULL);
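Review bot: The new `WARN_ON_ONCE(max < start)` check turns an inverted range, which used to return -ENOSPC quietly, into a one-time stack trace plus -EINVAL. Any caller that derives `start` or `end` from runtime or user-influenced values can now trigger that warning, and on systems configured to panic on warnings that becomes a crash again, so the callers should be audited before this lands. The same applies to the matching check added in the ida_simple_get() hunk. The ordering of the two new checks is load-bearing and deserves a comment such as `/* empty range [start, start): no id available, not a caller bug; must precede the max < start check */`. The computation of `max` and the function's kernel-doc are outside this hunk; if the kernel-doc lists return values, -EINVAL should presumably be added there.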
@@ -551,10 +553,7 @@ void idr_remove(struct idr *idp, int id)
struct idr_layer *p;
struct idr_layer *to_free;

- if (id < 0)
- return;
-
- if (id > idr_max(idp->layers)) {
+ if (id < 0 || id > idr_max(idp->layers)) {
idr_remove_warning(id);
return;
}
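Review bot: Folding `id < 0` into the range test changes behaviour for negative ids: they used to return silently and now go through `idr_remove_warning(id)`. A cleanup path that passes a failed allocation's negative return value straight to idr_remove() would start emitting warnings, so it is worth checking callers for that pattern. The ida_remove() hunk makes the same change through `goto err`. What idr_remove_warning() actually prints is outside this hunk. A short comment such as `/* negative ids are never allocated; treat as a caller bug */` above the check would record that the change is intentional.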
@@ -1012,7 +1011,7 @@ void ida_remove(struct ida *ida, int id)
int n;
struct ida_bitmap *bitmap;

- if (idr_id > idr_max(ida->idr.layers))
+ if (id < 0 || idr_id > idr_max(ida->idr.layers))
goto err;

/* clear full bits while looking up the leaf idr_layer */
@@ -1078,14 +1077,17 @@ int ida_simple_get(struct ida *ida, unsigned int start, unsigned int end,
unsigned int max;
unsigned long flags;

- BUG_ON((int)start < 0);
- BUG_ON((int)end < 0);
+ if (WARN_ON_ONCE((int)start < 0))
+ return -EINVAL;

- if (end == 0)
- max = 0x80000000;
+ if ((int)end <= 0)
+ max = INT_MAX;
else {
- BUG_ON(end < start);
max = end - 1;
+ if (unlikely(start == end))
+ return -ENOSPC;
+ if (WARN_ON_ONCE(max < start))
+ return -EINVAL;
}

again:
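Review bot: `if ((int)end <= 0) max = INT_MAX;` silently accepts an `end` above INT_MAX as "no upper limit", where the old code hit `BUG_ON((int)end < 0)`. A caller whose bound is miscomputed or wraps would then receive ids from the full range instead of an error, which runs against the commit's stated goal of flagging invalid arguments. If matching idr_alloc()'s "<= 0 means max" convention is not required for this unsigned interface, consider rejecting it explicitly with `if (WARN_ON_ONCE((int)end < 0)) return -EINVAL;` and keeping `end == 0` as the only unlimited case. Otherwise a comment should say that the widening is deliberate. The rest of the function, from the `again:` label on, is outside this hunk.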
@@ -1120,7 +1122,6 @@ void ida_simple_remove(struct ida *ida, unsigned int id)
{
unsigned long flags;

- BUG_ON((int)id < 0);
spin_lock_irqsave(&simple_ida_lock, flags);
ida_remove(ida, id);
spin_unlock_irqrestore(&simple_ida_lock, flags);
--
1.7.4.4
