The patch titled
lib/idr.c: zero memory properly in idr_remove_all
has been added to the -mm tree. Its filename is
lib-idrc-zero-memory-properly-in-idr_remove_all.patch
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/SubmitChecklist when testing your code ***
See http://userweb.kernel.org/~akpm/stuff/added-to-mm.txt to find
out what to do about this
The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/
------------------------------------------------------
Subject: lib/idr.c: zero memory properly in idr_remove_all
From: David Moore <dcm@xxxxxxx>
The idr_remove_all() function returns unused slabs to the kmem cache, but
needs to zero them first or else they will be uninitialized upon next use.
This fixes crashes which have been observed in the firewire subsystem.
Signed-off-by: David Moore <dcm@xxxxxxx>
Tested-by: Stefan Richter <stefanr@xxxxxxxxxxxxxxxxx>
Cc: Nadia Derbey <Nadia.Derbey@xxxxxxxx>
Cc: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
lib/idr.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff -puN lib/idr.c~lib-idrc-zero-memory-properly-in-idr_remove_all lib/idr.c
--- a/lib/idr.c~lib-idrc-zero-memory-properly-in-idr_remove_all
+++ a/lib/idr.c
@@ -65,6 +65,20 @@ static inline void free_layer(struct idr
call_rcu(&p->rcu_head, idr_layer_rcu_free);
}
+static void idr_layer_rcu_free_zero(struct rcu_head *head)
+{
+ struct idr_layer *layer;
+
+ layer = container_of(head, struct idr_layer, rcu_head);
+ memset(layer, 0, sizeof(struct idr_layer));
+ kmem_cache_free(idr_layer_cache, layer);
+}
+
+static inline void free_layer_zero(struct idr_layer *p)
+{
+ call_rcu(&p->rcu_head, idr_layer_rcu_free_zero);
+}
+
/* only called when idp->lock is held */
static void __move_to_free_list(struct idr *idp, struct idr_layer *p)
{
@@ -462,7 +476,7 @@ void idr_remove_all(struct idr *idp)
id += 1 << n;
while (n < fls(id)) {
if (p)
- free_layer(p);
+ free_layer_zero(p);
n += IDR_BITS;
p = *--paa;
}
_
Patches currently in -mm which might be from dcm@xxxxxxx are
linux-next.patch
lib-idrc-zero-memory-properly-in-idr_remove_all.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
