[PATCH 2/2] xarray: Fix race in xas_find_chunk()

xas_find_chunk() can be called only under RCU protection and thus tags
can be changing while it is working. Hence the code:

	unsigned long data = *addr & (~0UL << offset);
	if (data)
		return __ffs(data);

is prone to 'data' being refetched from addr by the compiler and thus
calling __ffs() with 0 argument and undefined results.

Fix the problem by removing XA_CHUNK_SIZE == BITS_PER_LONG special case
completely. find_next_bit() gets this right and there's no performance
difference because it is inline and has the very same special branch for
const-sized bitmaps anyway.

Reported-by: Mirsad Todorovac <mirsad.todorovac@xxxxxxxxxxxx>
CC: Matthew Wilcox <willy@xxxxxxxxxxxxx>
Signed-off-by: Jan Kara <jack@xxxxxxx>
---
 include/linux/xarray.h | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/include/linux/xarray.h b/include/linux/xarray.h
index cb571dfcf4b1..07700a2c8870 100644
--- a/include/linux/xarray.h
+++ b/include/linux/xarray.h
@@ -1718,15 +1718,6 @@ static inline unsigned int xas_find_chunk(struct xa_state *xas, bool advance,
 
 	if (advance)
 		offset++;
-	if (XA_CHUNK_SIZE == BITS_PER_LONG) {
-		if (offset < XA_CHUNK_SIZE) {
-			unsigned long data = *addr & (~0UL << offset);
-			if (data)
-				return __ffs(data);
-		}
-		return XA_CHUNK_SIZE;
-	}
-
 	return find_next_bit(addr, XA_CHUNK_SIZE, offset);
 }
 
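Review bot: with the special case gone, `return find_next_bit(addr, XA_CHUNK_SIZE, offset);` is the only read of the tag word, and the changelog's claim that find_next_bit() "gets this right" is not backed by anything visible in this hunk. Please state in the commit message which property is being relied on (a single load of the word that cannot be refetched while tags change under RCU) and whether that guarantee comes from patch 1/2 of this series, so that anyone backporting does not pick this patch on its own. A short comment above the call noting that `addr` may change concurrently would also help keep a later cleanup from reintroducing an open-coded `*addr` read followed by `__ffs()`. There is also no Fixes: tag in the trailer block; if the removed branch can be traced to a specific commit, adding one would help stable maintainers.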
-- 
2.35.3




