From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 4F1ADC77B6E
	for <linux-mm@archiver.kernel.org>; Wed, 12 Apr 2023 08:12:22 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id DD832900005; Wed, 12 Apr 2023 04:12:21 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id D384B900003; Wed, 12 Apr 2023 04:12:21 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id BB04A900005; Wed, 12 Apr 2023 04:12:21 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10])
	by kanga.kvack.org (Postfix) with ESMTP id A6D08900003
	for <linux-mm@kvack.org>; Wed, 12 Apr 2023 04:12:21 -0400 (EDT)
Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay01.hostedemail.com (Postfix) with ESMTP id 76D871C6DCF
	for <linux-mm@kvack.org>; Wed, 12 Apr 2023 08:12:21 +0000 (UTC)
X-FDA: 80672021682.10.810ED25
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
	by imf15.hostedemail.com (Postfix) with ESMTP id 88D0DA000F
	for <linux-mm@kvack.org>; Wed, 12 Apr 2023 08:12:19 +0000 (UTC)
Authentication-Results: imf15.hostedemail.com;
	dkim=pass header.d=linuxfoundation.org header.s=korg header.b=s2OKnfBt;
	spf=pass (imf15.hostedemail.com: domain of gregkh@linuxfoundation.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org;
	dmarc=pass (policy=none) header.from=linuxfoundation.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1681287139;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:dkim-signature;
	bh=X3EGGHrC3rEDi5cgO7RM1GFV0QAvqPAuZW/lsR7eYrw=;
	b=F4k8jgpHS7WWUQXSDrlGyTwdMO8n/S3VsI93Ij2VAJbh0DsbK2anraIsLWi/mYh23bo+cp
	ZZjnm0V/HTD6B6PiXIyT9EA4T6gX1OMHYmT+MQ089dYD1Y6VFsU+iF0hJ+opyGAiqxnMM5
	70lGFofe5h/IvYwf0KGS1gruR8p5vg8=
ARC-Authentication-Results: i=1;
	imf15.hostedemail.com;
	dkim=pass header.d=linuxfoundation.org header.s=korg header.b=s2OKnfBt;
	spf=pass (imf15.hostedemail.com: domain of gregkh@linuxfoundation.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org;
	dmarc=pass (policy=none) header.from=linuxfoundation.org
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1681287139; a=rsa-sha256;
	cv=none;
	b=HjPVhpjTYhXSUIfkTZV2ioTiru6LKYXQlOt5I9j9JK3SDc0g/VJ+emSw/BS31i7RnTG9Fx
	QY7BJYr4BAQ+iOj8FLnz5vBzXxLjBCrIQxEG1N6qZn7oAuuVnZZVJmS2FQ4mJ7UexWzXqp
	GJvDgekBmWvN1aqpAMlSG6mU0CNsKN8=
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id A7AD662929;
	Wed, 12 Apr 2023 08:12:18 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id BA707C4339E;
	Wed, 12 Apr 2023 08:12:17 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
	s=korg; t=1681287138;
	bh=Gtij6Y2AIE3teeZs0V8DyCJ/8P0UJNvFP6rE0xLDxYs=;
	h=Subject:To:Cc:From:Date:In-Reply-To:From;
	b=s2OKnfBtnb2g07UzQnjliVNZdexV/ststrjys07SgDJh8uwQVXEyCrBIXUA4oWh00
	 sI17in1LzZlKn9nDg23DhcHHidibsAQ3boVvIBcEDoLj1LxQhI3UMnf/c5YTp4vIrp
	 jIyX1f6y5enJANUy00PUUHONxWglOy0dvyLZft9I=
Subject: Patch "maple_tree: fix freeing of nodes in rcu mode" has been added to the 6.2-stable tree
To: Liam.Howlett@Oracle.com,Liam.Howlett@oracle.com,gregkh@linuxfoundation.org,linux-mm@kvack.org,maple-tree@lists.infradead.org
Cc: <stable-commits@vger.kernel.org>
From: <gregkh@linuxfoundation.org>
Date: Wed, 12 Apr 2023 10:12:08 +0200
In-Reply-To: <20230411151055.2910579-11-Liam.Howlett@oracle.com>
Message-ID: <2023041208-washer-rewire-88a6@gregkh>
MIME-Version: 1.0
Content-Type: text/plain; charset=ANSI_X3.4-1968
Content-Transfer-Encoding: 8bit
X-stable: commit
X-Patchwork-Hint: ignore 
X-Stat-Signature: dkqbo8q4591n3nj17t3ye6etiefm6ibo
X-Rspam-User: 
X-Rspamd-Queue-Id: 88D0DA000F
X-Rspamd-Server: rspam06
X-HE-Tag: 1681287139-869421
X-HE-Meta: U2FsdGVkX19lecvo5LL43MTmQrCOzPoHXRM2NaEE2/KtQb1ULha2vN9xyb7T82OwHugNQfDnB3nQL3A+MmVGV0eSMTfw+zI1sFuosgH+55lXK5W5QPqKcZy8gV1ISkygkCxT5AFQNFk6VLLVVSqguBjm2XqAv7StyvU5KaDzv4HWnbXZgSf479/N5fEyN3aGfZJTbw1HLQ5WQ68nsggu2/IQQbg1+OOxYJ5gISqTHH304jdN3760fNUFewuKyfvxTlH+pPVtWOmXezrRKWaVrLUvTGdo0BnuxJ67otSVq7wUxxwSjLhD6j3GGT1sX4SyNs+qtDmqeHFw/07eSlG66NftSTnkl6YyJroshRzXm9hGZsCVwpiM+L+Ldg9hbOH+bSIo+2J8tX3CrbiUTup7K0hIkFbfWaQzv8R26peoiRIMfCviG1OjbaWZ0zEFfIhZ5NlzW0mcPT3RTTAX8DCzUR8cCTpTJngG7Xw/aoF12LyxZx1RGOACK2PgGJH0YqDCmQ8xHPeRy8ZCqjoW2J44pGMn4qf/R5BbV+pxdgqbU0Qfa18qm5GcPv+CJpcRzAlDPUFjtjVdjxhPNfdBW6FCsY5npnF9Lr3Xm2ZJPmjUaAn2Cl6xZ9mPdfDNoWVZjdVM6UvpDo5KtR7tcrN5yiKLo9BvYnM/7ifxI2R3gGKIZrYRPgviZPYQJlOEeWC67mGDF48x4wGCQwTv6CBjyFhOyiQZpmN05RUUw4+7DlgXfh355ntkm96BFO2A7Q02qASknP5PU3nZc16w6FrxLUcUa7AJ03LbgsavdwXJaROkwsTjVeN1OuKGDqCLT8nH+Mp95G9aBuB7il1rw6Gdk4h7u85RC7X37HDrdL59wh5odgC8gUsLedubEQvtbg54tHNH/BgU11Tbx8F+I5AaYqx8AWYeWfMxhRV38VRPUvuiTcBoscSac7Xw4YmLqtDimOPX6Aq8mRIo7nUeQXmvNeT
 eCU+UVfj
 c6jChpH3BL2xh8bwoaKc8gBbVEB/RIt+2Pbz69fgaYeHxjYn3EBD0VRMmWTHKXNALART4zJF4NHLs83izuiFdS0cFL/eVhucxm4wgdLzwI9Hu67n9PXL41lHLgkbT7+Pd+VtRuWXJDOi2/1b7o2q7u4iEsz2R687YO/i2I4FL2mxJ1AZos+hW33OfM7NRg25aOQNfKSIn/5HpMLoi96RJ0Cc04Wu9TkVvtywPWD5Hc8pSO/qDMsoWVouqyYdO7yw263Bxo8JYBqDHZtcNvOJx91D3bGJfNHvlaMg7sQb5QpuDwjLLGJcA5h8Hm1OWAKojMujgW6P0YXCKC5JyQvF7a78oqCdcIReqKPAnWj8Oh8cFwWq6GP39T9s+XP1YU4KEakOL5zk5hVsFMMxOPI5Lw471EdcA6Bi+JdpV8OtBaMvvZ9Yygv4jhVS3wuYO/R4exg0KUlL6T5RpZ/wDZ2F+J9k9Z+kI3WKe8prV32FjkB9K9xr0dn7ro627Fw3K21g3Zrd+XWD5+J+1BfPCwGnPFSUZK2JEmDDmsEBvhdGz1KGlZvoMp3nh8NDnm3N4xDD5Af5khTNSE1OUIcfIQ5FRSG+vWc+mKOr3Rf7Z6DYvBYOtvdkS9Q3sHztrf3Juqp1+ZEfotaX75OmBKp1kKX/saSjFrw==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>


This is a note to let you know that I've just added the patch titled

    maple_tree: fix freeing of nodes in rcu mode

to the 6.2-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     maple_tree-fix-freeing-of-nodes-in-rcu-mode.patch
and it can be found in the queue-6.2 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From stable-owner@vger.kernel.org Tue Apr 11 17:13:39 2023
From: "Liam R. Howlett" <Liam.Howlett@oracle.com>
Date: Tue, 11 Apr 2023 11:10:51 -0400
Subject: maple_tree: fix freeing of nodes in rcu mode
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, stable@vger.kernel.org
Cc: maple-tree@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, "Liam R. Howlett" <Liam.Howlett@Oracle.com>, Stable@vger.kernel.org, Liam Howlett <Liam.Howlett@oracle.com>
Message-ID: <20230411151055.2910579-11-Liam.Howlett@oracle.com>

From: "Liam R. Howlett" <Liam.Howlett@Oracle.com>

commit 2e5b4921f8efc9e845f4f04741797d16f36847eb upstream.

The walk to destroy the nodes was not always setting the node type and
would result in a destroy method potentially using the values as nodes.
Avoid this by setting the correct node types.  This is necessary for the
RCU mode of the maple tree.

Link: https://lkml.kernel.org/r/20230227173632.3292573-4-surenb@google.com
Cc: <Stable@vger.kernel.org>
Fixes: 54a611b60590 ("Maple Tree: add new data structure")
Signed-off-by: Liam Howlett <Liam.Howlett@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 lib/maple_tree.c |   73 ++++++++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 62 insertions(+), 11 deletions(-)

--- a/lib/maple_tree.c
+++ b/lib/maple_tree.c
@@ -898,6 +898,44 @@ static inline void ma_set_meta(struct ma
 }
 
 /*
+ * mas_clear_meta() - clear the metadata information of a node, if it exists
+ * @mas: The maple state
+ * @mn: The maple node
+ * @mt: The maple node type
+ * @offset: The offset of the highest sub-gap in this node.
+ * @end: The end of the data in this node.
+ */
+static inline void mas_clear_meta(struct ma_state *mas, struct maple_node *mn,
+				  enum maple_type mt)
+{
+	struct maple_metadata *meta;
+	unsigned long *pivots;
+	void __rcu **slots;
+	void *next;
+
+	switch (mt) {
+	case maple_range_64:
+		pivots = mn->mr64.pivot;
+		if (unlikely(pivots[MAPLE_RANGE64_SLOTS - 2])) {
+			slots = mn->mr64.slot;
+			next = mas_slot_locked(mas, slots,
+					       MAPLE_RANGE64_SLOTS - 1);
+			if (unlikely((mte_to_node(next) && mte_node_type(next))))
+				return; /* The last slot is a node, no metadata */
+		}
+		fallthrough;
+	case maple_arange_64:
+		meta = ma_meta(mn, mt);
+		break;
+	default:
+		return;
+	}
+
+	meta->gap = 0;
+	meta->end = 0;
+}
+
+/*
  * ma_meta_end() - Get the data end of a node from the metadata
  * @mn: The maple node
  * @mt: The maple node type
@@ -5438,20 +5476,22 @@ no_gap:
  * mas_dead_leaves() - Mark all leaves of a node as dead.
  * @mas: The maple state
  * @slots: Pointer to the slot array
+ * @type: The maple node type
  *
  * Must hold the write lock.
  *
  * Return: The number of leaves marked as dead.
  */
 static inline
-unsigned char mas_dead_leaves(struct ma_state *mas, void __rcu **slots)
+unsigned char mas_dead_leaves(struct ma_state *mas, void __rcu **slots,
+			      enum maple_type mt)
 {
 	struct maple_node *node;
 	enum maple_type type;
 	void *entry;
 	int offset;
 
-	for (offset = 0; offset < mt_slot_count(mas->node); offset++) {
+	for (offset = 0; offset < mt_slots[mt]; offset++) {
 		entry = mas_slot_locked(mas, slots, offset);
 		type = mte_node_type(entry);
 		node = mte_to_node(entry);
@@ -5470,14 +5510,13 @@ unsigned char mas_dead_leaves(struct ma_
 
 static void __rcu **mas_dead_walk(struct ma_state *mas, unsigned char offset)
 {
-	struct maple_node *node, *next;
+	struct maple_node *next;
 	void __rcu **slots = NULL;
 
 	next = mas_mn(mas);
 	do {
-		mas->node = ma_enode_ptr(next);
-		node = mas_mn(mas);
-		slots = ma_slots(node, node->type);
+		mas->node = mt_mk_node(next, next->type);
+		slots = ma_slots(next, next->type);
 		next = mas_slot_locked(mas, slots, offset);
 		offset = 0;
 	} while (!ma_is_leaf(next->type));
@@ -5541,11 +5580,14 @@ static inline void __rcu **mas_destroy_d
 		node = mas_mn(mas);
 		slots = ma_slots(node, mte_node_type(mas->node));
 		next = mas_slot_locked(mas, slots, 0);
-		if ((mte_dead_node(next)))
+		if ((mte_dead_node(next))) {
+			mte_to_node(next)->type = mte_node_type(next);
 			next = mas_slot_locked(mas, slots, 1);
+		}
 
 		mte_set_node_dead(mas->node);
 		node->type = mte_node_type(mas->node);
+		mas_clear_meta(mas, node, node->type);
 		node->piv_parent = prev;
 		node->parent_slot = offset;
 		offset = 0;
@@ -5565,13 +5607,18 @@ static void mt_destroy_walk(struct maple
 
 	MA_STATE(mas, &mt, 0, 0);
 
-	if (mte_is_leaf(enode))
+	mas.node = enode;
+	if (mte_is_leaf(enode)) {
+		node->type = mte_node_type(enode);
 		goto free_leaf;
+	}
 
+	ma_flags &= ~MT_FLAGS_LOCK_MASK;
 	mt_init_flags(&mt, ma_flags);
 	mas_lock(&mas);
 
-	mas.node = start = enode;
+	mte_to_node(enode)->ma_flags = ma_flags;
+	start = enode;
 	slots = mas_destroy_descend(&mas, start, 0);
 	node = mas_mn(&mas);
 	do {
@@ -5579,7 +5626,8 @@ static void mt_destroy_walk(struct maple
 		unsigned char offset;
 		struct maple_enode *parent, *tmp;
 
-		node->slot_len = mas_dead_leaves(&mas, slots);
+		node->type = mte_node_type(mas.node);
+		node->slot_len = mas_dead_leaves(&mas, slots, node->type);
 		if (free)
 			mt_free_bulk(node->slot_len, slots);
 		offset = node->parent_slot + 1;
@@ -5603,7 +5651,8 @@ next:
 	} while (start != mas.node);
 
 	node = mas_mn(&mas);
-	node->slot_len = mas_dead_leaves(&mas, slots);
+	node->type = mte_node_type(mas.node);
+	node->slot_len = mas_dead_leaves(&mas, slots, node->type);
 	if (free)
 		mt_free_bulk(node->slot_len, slots);
 
@@ -5613,6 +5662,8 @@ start_slots_free:
 free_leaf:
 	if (free)
 		mt_free_rcu(&node->rcu);
+	else
+		mas_clear_meta(&mas, node, node->type);
 }
 
 /*


Patches currently in stable-queue which might be from stable-owner@vger.kernel.org are

queue-6.2/maple_tree-fix-potential-rcu-issue.patch
queue-6.2/maple_tree-add-smp_rmb-to-dead-node-detection.patch
queue-6.2/maple_tree-add-rcu-lock-checking-to-rcu-callback-functions.patch
queue-6.2/maple_tree-fix-handle-of-invalidated-state-in-mas_wr_store_setup.patch
queue-6.2/maple_tree-reduce-user-error-potential.patch
queue-6.2/maple_tree-fix-mas_prev-and-mas_find-state-handling.patch
queue-6.2/maple_tree-remove-gfp_zero-from-kmem_cache_alloc-and-kmem_cache_alloc_bulk.patch
queue-6.2/maple_tree-be-more-cautious-about-dead-nodes.patch
queue-6.2/mm-enable-maple-tree-rcu-mode-by-default.patch
queue-6.2/maple_tree-detect-dead-nodes-in-mas_start.patch
queue-6.2/maple_tree-fix-freeing-of-nodes-in-rcu-mode.patch
queue-6.2/maple_tree-remove-extra-smp_wmb-from-mas_dead_leaves.patch
queue-6.2/maple_tree-refine-ma_state-init-from-mas_start.patch