Re: [PATCH] radix tree: Don't return internal entries on lookup

From: Greg Kurz
Date: Thu Dec 13 2018 - 05:01:48 EST


On Thu, 6 Dec 2018 17:21:02 +0100
Greg Kurz <groug@xxxxxxxx> wrote:

> On Thu, 6 Dec 2018 05:36:20 -0800
> Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote:
>
> > On Thu, Dec 06, 2018 at 08:54:03AM +0100, Greg Kurz wrote:
> > > Commit 66ee620f06f9 ("idr: Permit any valid kernel pointer to
> > > be stored") changed the radix tree lookup so that it stops when
> > > reaching the bottom of the tree. But radix_tree_descend() may have
> > > changed the node variable to point to an internal entry which then
> > > gets returned to the caller and bad things may happen.
> >
> > > pe_data is equal to R3 which is the return value of radix_tree_lookup(),
> > > i.e., 0x406 == RADIX_TREE_RETRY.
> >
> > Thank you for the report and the debugging! I've decided to fix the
> > problem slightly differently, and I've also added a test to the test-suite
>
> Heh, this is the fix I came up with initially, but then I wasn't sure
> if other kinds of internal entries could possibly be returned by
> radix_tree_descend() so I tried to be smarter... I should have stuck
> to my initial intuition :)
>
> > that reproduces the problem in only a few iterations (the largest I've
> > seen is a few hundred; and often it'll reproduce in under twenty).
> >
> > You can see it here:
> > http://git.infradead.org/users/willy/linux-dax.git/commitdiff/eff3860bbfedbac6edac57fb0d7f3a60e860c1c3
> >
>
> You can add:
>
> Reviewed-by: Greg Kurz <groug@xxxxxxxx>
> Tested-by: Greg Kurz <groug@xxxxxxxx>
>
> > I'll give the build bots a couple of days to chew on it and then ask
> > Linus to pull it.
>

Hi Matthew and Andrew,

I see this fix is in linux-next. I just want to make sure it will
land in 4.20 in order to avoid kernel panics in the OCXL driver.

Cheers,

--
Greg


> Great!
>
> Cheers,
>
> --
> Greg
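
The failure mode described in the quoted report (a lookup that stops at the bottom of the tree and hands an internal entry back to the caller), as an added example that is not part of the thread or of the kernel source. It is a simplified user-space model: every name, the 4-slot node layout and the low-bits tag check are assumptions, and only the 0x406 value is taken from the report.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space model (assumption), not the kernel's radix tree. */
#define SLOTS 4
#define RETRY_MARKER ((void *)(uintptr_t)0x406) /* value quoted in the thread */

struct node { unsigned shift; void *slots[SLOTS]; };

/* Assumed tagging: low bits 10b mark an internal entry (0x406 matches). */
static int is_internal(const void *e) { return ((uintptr_t)e & 3) == 2; }
/* Node pointers are tagged the same way but are real addresses. */
static int is_node(const void *e) { return is_internal(e) && (uintptr_t)e > 4096; }
static void *mk_node(struct node *n) { return (void *)((uintptr_t)n | 2); }
static struct node *to_node(void *e) { return (struct node *)((uintptr_t)e & ~(uintptr_t)3); }

/* Walk that stops at the bottom level and hands back the slot as found. */
static void *lookup_unchecked(void *root, unsigned long index)
{
    void *entry = root;
    while (is_node(entry)) {
        struct node *parent = to_node(entry);
        entry = parent->slots[(index >> parent->shift) % SLOTS];
        if (parent->shift == 0)
            break; /* bottom reached: entry may still be a marker */
    }
    return entry;
}

/* Same walk, but an internal entry never reaches the caller. A concurrent
 * implementation would retry the walk; this single-threaded model simply
 * reports the index as absent. */
static void *lookup_checked(void *root, unsigned long index)
{
    void *entry = lookup_unchecked(root, index);
    return is_internal(entry) ? NULL : entry;
}

/* Constructed sample tree: index 0 holds an item, index 1 a retry marker. */
static int item = 42;
static struct node leaf = { 0, { &item, RETRY_MARKER, NULL, NULL } };
static struct node top = { 2, { NULL, NULL, NULL, NULL } };
static void *demo_root(void) { top.slots[0] = mk_node(&leaf); return mk_node(&top); }

int main(void)
{
    printf("unchecked: %p\n", lookup_unchecked(demo_root(), 1)); /* marker leaks */
    printf("checked:   %p\n", lookup_checked(demo_root(), 1));   /* filtered */
    return 0;
}
```

A caller that treats the unchecked result as a pointer to its own structure would dereference the marker value, which is the crash pattern the report describes for pe_data.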