The patch titled Subject: idr: explain WARN_ON_ONCE() on negative IDs out-of-range ID has been added to the -mm tree. Its filename is idr-explain-warn_on_once-on-negative-ids-out-of-range-id.patch Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/SubmitChecklist when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Tejun Heo <tj@xxxxxxxxxx> Subject: idr: explain WARN_ON_ONCE() on negative IDs out-of-range ID Until recently, when an negative ID is specified, idr functions used to ignore the sign bit and proceeded with the operation with the rest of bits, which is bizarre and error-prone. The behavior recently got changed so that negative IDs are treated as invalid but we're triggering WARN_ON_ONCE() on negative IDs just in case somebody was depending on the sign bit being ignored, so that those can be detected and fixed easily. We only need this for a while. Explain why WARN_ON_ONCE()s are there and that they can be removed later. Signed-off-by: Tejun Heo <tj@xxxxxxxxxx> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- lib/idr.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff -puN lib/idr.c~idr-explain-warn_on_once-on-negative-ids-out-of-range-id lib/idr.c --- a/lib/idr.c~idr-explain-warn_on_once-on-negative-ids-out-of-range-id +++ a/lib/idr.c @@ -569,6 +569,7 @@ void idr_remove(struct idr *idp, int id) struct idr_layer *p; struct idr_layer *to_free; + /* see comment in idr_find_slowpath() */ if (WARN_ON_ONCE(id < 0)) return; @@ -666,6 +667,14 @@ void *idr_find_slowpath(struct idr *idp, int n; struct idr_layer *p; + /* + * If @id is negative, idr_find() used to ignore the sign bit and + * performed lookup with the rest of bits, which is weird and can + * lead to very obscure bugs. We're now returning NULL for all + * negative IDs but just in case somebody was depending on the sign + * bit being ignored, let's trigger WARN_ON_ONCE() so that they can + * be detected and fixed. WARN_ON_ONCE() can later be removed. + */ if (WARN_ON_ONCE(id < 0)) return NULL; @@ -815,6 +824,7 @@ void *idr_replace(struct idr *idp, void int n; struct idr_layer *p, *old_p; + /* see comment in idr_find_slowpath() */ if (WARN_ON_ONCE(id < 0)) return ERR_PTR(-EINVAL); _ Patches currently in -mm which might be from tj@xxxxxxxxxx are origin.patch device_cgroup-dont-grab-mutex-in-rcu-callback.patch linux-next.patch cfq-fix-lock-imbalance-with-failed-allocations.patch block-restore-proc-partitions-to-not-display-non-partitionable-removable-devices.patch memcg-do-not-create-memsw-files-if-swap-accounting-is-disabled.patch memcg-clean-up-swap-accounting-initialization-code.patch memcg-prevent-changes-to-move_charge_at_immigrate-during-task-attach.patch memcg-split-part-of-memcg-creation-to-css_online.patch memcg-fast-hierarchy-aware-child-test.patch memcg-fast-hierarchy-aware-child-test-fix.patch memcg-fast-hierarchy-aware-child-test-fix-fix.patch memcg-replace-cgroup_lock-with-memcg-specific-memcg_lock.patch memcg-replace-cgroup_lock-with-memcg-specific-memcg_lock-fix.patch memcg-increment-static-branch-right-after-limit-set.patch memcg-avoid-dangling-reference-count-in-creation-failure.patch lib-scatterlist-add-simple-page-iterator.patch lib-scatterlist-use-page-iterator-in-the-mapping-iterator.patch coredump-only-sigkill-should-interrupt-the-coredumping-task.patch coredump-ensure-that-sigkill-always-kills-the-dumping-thread.patch coredump-sanitize-the-setting-of-signal-group_exit_code.patch vfork-dont-freezer_count-for-in-kernel-users-of-clone_vfork.patch lockdep-check-that-no-locks-held-at-freeze-time.patch lockdep-check-that-no-locks-held-at-freeze-time-fix.patch coredump-cleanup-the-waiting-for-coredump_finish-code.patch coredump-use-a-freezable_schedule-for-the-coredump_finish-wait.patch coredump-abort-core-dump-piping-only-due-to-a-fatal-signal.patch idr-fix-a-subtle-bug-in-idr_get_next.patch idr-make-idr_destroy-imply-idr_remove_all.patch atm-nicstar-dont-use-idr_remove_all.patch block-loop-dont-use-idr_remove_all.patch firewire-dont-use-idr_remove_all.patch drm-dont-use-idr_remove_all.patch dm-dont-use-idr_remove_all.patch remoteproc-dont-use-idr_remove_all.patch rpmsg-dont-use-idr_remove_all.patch dlm-use-idr_for_each_entry-in-recover_idr_clear-error-path.patch dlm-dont-use-idr_remove_all.patch nfs-idr_destroy-no-longer-needs-idr_remove_all.patch inotify-dont-use-idr_remove_all.patch cgroup-dont-use-idr_remove_all.patch nfsd-idr_destroy-no-longer-needs-idr_remove_all.patch idr-deprecate-idr_remove_all.patch idr-cosmetic-updates-to-struct-initializer-definitions.patch idr-relocate-idr_for_each_entry-and-reorganize-id_get_new.patch idr-remove-_idr_rc_to_errno-hack.patch idr-refactor-idr_get_new_above.patch idr-implement-idr_preload-and-idr_alloc.patch idr-implement-idr_preload-and-idr_alloc-fix.patch block-fix-synchronization-and-limit-check-in-blk_alloc_devt.patch block-convert-to-idr_alloc.patch block-loop-convert-to-idr_alloc.patch atm-nicstar-convert-to-idr_alloc.patch drbd-convert-to-idr_alloc.patch dca-convert-to-idr_alloc.patch dmaengine-convert-to-idr_alloc.patch firewire-add-minor-number-range-check-to-fw_device_init.patch firewire-convert-to-idr_alloc.patch firewire-convert-to-idr_alloc-fix.patch gpio-convert-to-idr_alloc.patch drm-convert-to-idr_alloc.patch drm-convert-to-idr_alloc-fix.patch drm-convert-to-idr_alloc-fix-fix.patch drm-exynos-convert-to-idr_alloc.patch drm-i915-convert-to-idr_alloc.patch drm-sis-convert-to-idr_alloc.patch drm-via-convert-to-idr_alloc.patch drm-vmwgfx-convert-to-idr_alloc.patch i2c-convert-to-idr_alloc.patch i2c-convert-to-idr_alloc-fix.patch i2c-convert-to-idr_alloc-fix-fix.patch ib-core-convert-to-idr_alloc.patch ib-amso1100-convert-to-idr_alloc.patch ib-cxgb3-convert-to-idr_alloc.patch ib-cxgb4-convert-to-idr_alloc.patch ib-ehca-convert-to-idr_alloc.patch ib-ipath-convert-to-idr_alloc.patch ib-mlx4-convert-to-idr_alloc.patch ib-ocrdma-convert-to-idr_alloc.patch ib-qib-convert-to-idr_alloc.patch dm-convert-to-idr_alloc.patch memstick-convert-to-idr_alloc.patch mfd-convert-to-idr_alloc.patch misc-c2port-convert-to-idr_alloc.patch misc-tifm_core-convert-to-idr_alloc.patch mmc-convert-to-idr_alloc.patch mtd-convert-to-idr_alloc.patch macvtap-convert-to-idr_alloc.patch ppp-convert-to-idr_alloc.patch power-convert-to-idr_alloc.patch pps-convert-to-idr_alloc.patch remoteproc-convert-to-idr_alloc.patch rpmsg-convert-to-idr_alloc.patch scsi-bfa-convert-to-idr_alloc.patch scsi-convert-to-idr_alloc.patch target-iscsi-convert-to-idr_alloc.patch scsi-lpfc-convert-to-idr_alloc.patch thermal-convert-to-idr_alloc.patch uio-convert-to-idr_alloc.patch vfio-convert-to-idr_alloc.patch dlm-convert-to-idr_alloc.patch inotify-convert-to-idr_alloc.patch ocfs2-convert-to-idr_alloc.patch ipc-convert-to-idr_alloc.patch ipc-convert-to-idr_alloc-fix.patch cgroup-convert-to-idr_alloc.patch events-convert-to-idr_alloc.patch posix-timer-dont-call-idr_find-w-out-of-range-id.patch posix-timers-convert-to-idr_alloc.patch net-9p-convert-to-idr_alloc.patch mac80211-convert-to-idr_alloc.patch sctp-convert-to-idr_alloc.patch nfs4client-convert-to-idr_alloc.patch idr-fix-top-layer-handling.patch idr-remove-max_idr_mask-and-move-left-max_idr_-into-idrc.patch idr-remove-length-restriction-from-idr_layer-bitmap.patch idr-remove-length-restriction-from-idr_layer-bitmap-checkpatch-fixes.patch idr-make-idr_layer-larger.patch idr-add-idr_layer-prefix.patch idr-implement-lookup-hint.patch idr-implement-lookup-hint-always-do-slow-path-when-hint-is-uninitialized.patch idr-explain-warn_on_once-on-negative-ids-out-of-range-id.patch hlist-drop-the-node-parameter-from-iterators-fix-fix-fix-fix.patch hlist-drop-the-node-parameter-from-iterators-fix-fix-fix.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html