Re: [PATCH] idr: fix invalid ptr dereference on item delete

On Sat, 19 May 2018 07:14:45 -0700 Matthew Wilcox wrote: > On Sat, May 19, 2018 at 09:26:36AM +0300, Roman Kagan wrote: > > On Fri, May 18, 2018 at 03:31:38PM -0700, Andrew Morton wrote: > > > On Fri, 18 May 2018 10:50:25 -0700 Matthew Wilcox > > >

Re: [PATCH] idr: fix invalid ptr dereference on item delete

On Sat, 19 May 2018 07:14:45 -0700 Matthew Wilcox wrote: > On Sat, May 19, 2018 at 09:26:36AM +0300, Roman Kagan wrote: > > On Fri, May 18, 2018 at 03:31:38PM -0700, Andrew Morton wrote: > > > On Fri, 18 May 2018 10:50:25 -0700 Matthew Wilcox > > > wrote: > > > > > > > If the radix tree

Re: [PATCH] idr: fix invalid ptr dereference on item delete

On Sat, May 19, 2018 at 09:26:36AM +0300, Roman Kagan wrote: > On Fri, May 18, 2018 at 03:31:38PM -0700, Andrew Morton wrote: > > On Fri, 18 May 2018 10:50:25 -0700 Matthew Wilcox > > wrote: > > > > > If the radix tree underlying the IDR happens to be full and we attempt >

Re: [PATCH] idr: fix invalid ptr dereference on item delete

On Sat, May 19, 2018 at 09:26:36AM +0300, Roman Kagan wrote: > On Fri, May 18, 2018 at 03:31:38PM -0700, Andrew Morton wrote: > > On Fri, 18 May 2018 10:50:25 -0700 Matthew Wilcox > > wrote: > > > > > If the radix tree underlying the IDR happens to be full and we attempt > > > to remove an id

Re: [PATCH] idr: fix invalid ptr dereference on item delete

On Fri, May 18, 2018 at 03:31:38PM -0700, Andrew Morton wrote: > On Fri, 18 May 2018 10:50:25 -0700 Matthew Wilcox wrote: > > > If the radix tree underlying the IDR happens to be full and we attempt > > to remove an id which is larger than any id in the IDR, we will call > >

Re: [PATCH] idr: fix invalid ptr dereference on item delete

On Fri, May 18, 2018 at 03:31:38PM -0700, Andrew Morton wrote: > On Fri, 18 May 2018 10:50:25 -0700 Matthew Wilcox wrote: > > > If the radix tree underlying the IDR happens to be full and we attempt > > to remove an id which is larger than any id in the IDR, we will call > >

Re: [PATCH] idr: fix invalid ptr dereference on item delete

On Fri, May 18, 2018 at 11:23:08PM +0300, Roman Kagan wrote: > On Fri, May 18, 2018 at 10:50:25AM -0700, Matthew Wilcox wrote: > > It'd be nice if you cc'd the person who wrote the code you're patching. > > You'd get a response a lot quicker than waiting until I happened to > > notice the email in

Re: [PATCH] idr: fix invalid ptr dereference on item delete

On Fri, May 18, 2018 at 11:23:08PM +0300, Roman Kagan wrote: > On Fri, May 18, 2018 at 10:50:25AM -0700, Matthew Wilcox wrote: > > It'd be nice if you cc'd the person who wrote the code you're patching. > > You'd get a response a lot quicker than waiting until I happened to > > notice the email in

Re: [PATCH] idr: fix invalid ptr dereference on item delete

On Fri, May 18, 2018 at 03:31:38PM -0700, Andrew Morton wrote: > On Fri, 18 May 2018 10:50:25 -0700 Matthew Wilcox wrote: > > If the radix tree underlying the IDR happens to be full and we attempt > > to remove an id which is larger than any id in the IDR, we will call > >

Re: [PATCH] idr: fix invalid ptr dereference on item delete

On Fri, May 18, 2018 at 03:31:38PM -0700, Andrew Morton wrote: > On Fri, 18 May 2018 10:50:25 -0700 Matthew Wilcox wrote: > > If the radix tree underlying the IDR happens to be full and we attempt > > to remove an id which is larger than any id in the IDR, we will call > > __radix_tree_delete()

Re: [PATCH] idr: fix invalid ptr dereference on item delete

On Fri, 18 May 2018 10:50:25 -0700 Matthew Wilcox wrote: > If the radix tree underlying the IDR happens to be full and we attempt > to remove an id which is larger than any id in the IDR, we will call > __radix_tree_delete() with an uninitialised 'slot' pointer, at which >

Re: [PATCH] idr: fix invalid ptr dereference on item delete

On Fri, 18 May 2018 10:50:25 -0700 Matthew Wilcox wrote: > If the radix tree underlying the IDR happens to be full and we attempt > to remove an id which is larger than any id in the IDR, we will call > __radix_tree_delete() with an uninitialised 'slot' pointer, at which > point anything could

Re: [PATCH] idr: fix invalid ptr dereference on item delete

Matthew Wilcox <wi...@infradead.org> - Date: Fri, 18 May 2018 10:50:25 -0700 From: Matthew Wilcox <wi...@infradead.org> To: Roman Kagan <rka...@virtuozzo.com> Cc: Andrew Morton <a...@linux-foundation.org>, linux-kernel@vger.kernel.org Subject: Re: [PATCH] idr: fix invalid

Re: [PATCH] idr: fix invalid ptr dereference on item delete

: Fri, 18 May 2018 10:50:25 -0700 From: Matthew Wilcox To: Roman Kagan Cc: Andrew Morton , linux-kernel@vger.kernel.org Subject: Re: [PATCH] idr: fix invalid ptr dereference on item delete It'd be nice if you cc'd the person who wrote the code you're patching. You'd get a response a lot quicke

Re: [PATCH] idr: fix invalid ptr dereference on item delete

On Fri, May 18, 2018 at 10:50:25AM -0700, Matthew Wilcox wrote: > It'd be nice if you cc'd the person who wrote the code you're patching. > You'd get a response a lot quicker than waiting until I happened to > notice the email in a different forum. I sent it to someone called "Matthew Wilcox

Re: [PATCH] idr: fix invalid ptr dereference on item delete

On Fri, May 18, 2018 at 10:50:25AM -0700, Matthew Wilcox wrote: > It'd be nice if you cc'd the person who wrote the code you're patching. > You'd get a response a lot quicker than waiting until I happened to > notice the email in a different forum. I sent it to someone called "Matthew Wilcox ".

Re: [PATCH] idr: fix invalid ptr dereference on item delete

It'd be nice if you cc'd the person who wrote the code you're patching. You'd get a response a lot quicker than waiting until I happened to notice the email in a different forum. Thanks for finding the situation that leads to the bug. Your fix is incorrect; it's legitimate to store a NULL value

Re: [PATCH] idr: fix invalid ptr dereference on item delete

It'd be nice if you cc'd the person who wrote the code you're patching. You'd get a response a lot quicker than waiting until I happened to notice the email in a different forum. Thanks for finding the situation that leads to the bug. Your fix is incorrect; it's legitimate to store a NULL value

Re: [PATCH] idr: fix invalid ptr dereference on item delete

On 11/05/2018 07:57, Roman Kagan wrote: >>> Should radix-tree be compilable in userspace, so that we can add unit >>> tests for it?... >> Good point. >> >> For my education, what/where are the tests that run as user-space code? > Actually there are userspace tests for it under

Re: [PATCH] idr: fix invalid ptr dereference on item delete

On 11/05/2018 07:57, Roman Kagan wrote: >>> Should radix-tree be compilable in userspace, so that we can add unit >>> tests for it?... >> Good point. >> >> For my education, what/where are the tests that run as user-space code? > Actually there are userspace tests for it under

Re: [PATCH] idr: fix invalid ptr dereference on item delete

On Fri, May 11, 2018 at 07:40:26AM +0200, Dmitry Vyukov wrote: > On Fri, May 11, 2018 at 1:54 AM, Paolo Bonzini wrote: > > On 10/05/2018 21:16, Roman Kagan wrote: > >> If an IDR contains a single entry at index==0, the underlying radix tree > >> has a single item in its root

Re: [PATCH] idr: fix invalid ptr dereference on item delete

On Fri, May 11, 2018 at 07:40:26AM +0200, Dmitry Vyukov wrote: > On Fri, May 11, 2018 at 1:54 AM, Paolo Bonzini wrote: > > On 10/05/2018 21:16, Roman Kagan wrote: > >> If an IDR contains a single entry at index==0, the underlying radix tree > >> has a single item in its root node, in which case >

Re: [PATCH] idr: fix invalid ptr dereference on item delete

On Fri, May 11, 2018 at 1:54 AM, Paolo Bonzini wrote: > On 10/05/2018 21:16, Roman Kagan wrote: >> If an IDR contains a single entry at index==0, the underlying radix tree >> has a single item in its root node, in which case >> __radix_tree_lookup(index!=0) doesn't set its

Re: [PATCH] idr: fix invalid ptr dereference on item delete

On Fri, May 11, 2018 at 1:54 AM, Paolo Bonzini wrote: > On 10/05/2018 21:16, Roman Kagan wrote: >> If an IDR contains a single entry at index==0, the underlying radix tree >> has a single item in its root node, in which case >> __radix_tree_lookup(index!=0) doesn't set its *@nodep argument (in >>

Re: [PATCH] idr: fix invalid ptr dereference on item delete

On 10/05/2018 21:16, Roman Kagan wrote: > If an IDR contains a single entry at index==0, the underlying radix tree > has a single item in its root node, in which case > __radix_tree_lookup(index!=0) doesn't set its *@nodep argument (in > addition to returning NULL). > > However, the tree itself

Re: [PATCH] idr: fix invalid ptr dereference on item delete

On 10/05/2018 21:16, Roman Kagan wrote: > If an IDR contains a single entry at index==0, the underlying radix tree > has a single item in its root node, in which case > __radix_tree_lookup(index!=0) doesn't set its *@nodep argument (in > addition to returning NULL). > > However, the tree itself

[PATCH] idr: fix invalid ptr dereference on item delete

If an IDR contains a single entry at index==0, the underlying radix tree has a single item in its root node, in which case __radix_tree_lookup(index!=0) doesn't set its *@nodep argument (in addition to returning NULL). However, the tree itself is not empty, i.e. the tree root doesn't have

[PATCH] idr: fix invalid ptr dereference on item delete

If an IDR contains a single entry at index==0, the underlying radix tree has a single item in its root node, in which case __radix_tree_lookup(index!=0) doesn't set its *@nodep argument (in addition to returning NULL). However, the tree itself is not empty, i.e. the tree root doesn't have