From: Cody P Schafer <cody@linux.vnet.ibm.com>
To: Andrew Morton <akpm@linux-foundation.org>,
EXT4 <linux-ext4@vger.kernel.org>, Jan Kara <jack@suse.cz>,
rostedt@goodmis.org, Cody P Schafer <cody@linux.vnet.ibm.com>,
Seth Jennings <sjenning@linux.vnet.ibm.com>
Cc: LKML <linux-kernel@vger.kernel.org>
Subject: [PATCH v2 01/11] rbtree: Fix rbtree_postorder_for_each_entry_safe() iterator
Date: Wed, 6 Nov 2013 17:42:30 -0800 [thread overview]
Message-ID: <1383788572-25938-2-git-send-email-cody@linux.vnet.ibm.com> (raw)
In-Reply-To: <1383788572-25938-1-git-send-email-cody@linux.vnet.ibm.com>
From: Jan Kara <jack@suse.cz>
The iterator rbtree_postorder_for_each_entry_safe() relies on pointer
underflow behavior when testing for loop termination. In particular
it expects that
&rb_entry(NULL, type, field)->field
is NULL. But the result of this expression is not defined by a C standard
and some gcc versions (e.g. 4.3.4) assume the above expression can never
be equal to NULL. The net result is an oops because the iteration is not
properly terminated.
Fix the problem by modifying the iterator to avoid pointer underflows.
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Cody P Schafer <cody@linux.vnet.ibm.com>
---
include/linux/rbtree.h | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/include/linux/rbtree.h b/include/linux/rbtree.h
index aa870a4..57e75ae 100644
--- a/include/linux/rbtree.h
+++ b/include/linux/rbtree.h
@@ -85,6 +85,11 @@ static inline void rb_link_node(struct rb_node * node, struct rb_node * parent,
*rb_link = node;
}
+#define rb_entry_safe(ptr, type, member) \
+ ({ typeof(ptr) ____ptr = (ptr); \
+ ____ptr ? rb_entry(____ptr, type, member) : NULL; \
+ })
+
/**
* rbtree_postorder_for_each_entry_safe - iterate over rb_root in post order of
* given type safe against removal of rb_node entry
@@ -95,12 +100,9 @@ static inline void rb_link_node(struct rb_node * node, struct rb_node * parent,
* @field: the name of the rb_node field within 'type'.
*/
#define rbtree_postorder_for_each_entry_safe(pos, n, root, field) \
- for (pos = rb_entry(rb_first_postorder(root), typeof(*pos), field),\
- n = rb_entry(rb_next_postorder(&pos->field), \
- typeof(*pos), field); \
- &pos->field; \
- pos = n, \
- n = rb_entry(rb_next_postorder(&pos->field), \
- typeof(*pos), field))
+ for (pos = rb_entry_safe(rb_first_postorder(root), typeof(*pos), field); \
+ pos && ({ n = rb_entry_safe(rb_next_postorder(&pos->field), \
+ typeof(*pos), field); 1; }); \
+ pos = n)
#endif /* _LINUX_RBTREE_H */
--
1.8.4.2
next prev parent reply other threads:[~2013-11-07 1:43 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-07 1:42 [PATCH v2 00/11] rbtree: postorder iteration: fix, add tests, and use in various places Cody P Schafer
2013-11-07 1:42 ` Cody P Schafer [this message]
2013-11-07 11:51 ` [PATCH v2 01/11] rbtree: Fix rbtree_postorder_for_each_entry_safe() iterator Michel Lespinasse
2013-11-07 18:59 ` Cody P Schafer
2013-11-07 21:38 ` Andrew Morton
2013-11-07 21:58 ` Cody P Schafer
2013-11-07 22:14 ` Jan Kara
2013-11-07 1:42 ` [PATCH v2 02/11] rbtree/test: move rb_node to the middle of the test struct Cody P Schafer
2013-11-07 11:52 ` Michel Lespinasse
2013-11-07 1:42 ` [PATCH v2 03/11] rbtree/test: test rbtree_postorder_for_each_entry_safe() Cody P Schafer
2013-11-07 11:54 ` Michel Lespinasse
2013-11-07 1:42 ` [PATCH v2 04/11] net ipset: use rbtree postorder iteration instead of opencoding Cody P Schafer
2013-11-07 1:42 ` [PATCH v2 05/11] trace/trace_stat: use rbtree postorder iteration helper " Cody P Schafer
2013-11-07 1:42 ` [PATCH v2 06/11] fs/ubifs: " Cody P Schafer
2013-11-07 1:42 ` Cody P Schafer
2013-11-07 1:42 ` Cody P Schafer
2013-11-07 1:42 ` [PATCH v2 07/11] fs/ext4: " Cody P Schafer
2013-11-07 9:28 ` Jan Kara
2013-11-07 1:42 ` [PATCH v2 08/11] fs/jffs2: " Cody P Schafer
2013-11-07 1:42 ` Cody P Schafer
2013-11-07 1:42 ` Cody P Schafer
2013-11-07 1:42 ` [PATCH v2 09/11] fs/ext3: " Cody P Schafer
2013-11-07 8:17 ` Jan Kara
2013-11-07 1:42 ` [PATCH v2 10/11] mtd/ubi: " Cody P Schafer
2013-11-07 1:42 ` Cody P Schafer
2013-11-07 1:42 ` Cody P Schafer
2013-11-07 1:42 ` [PATCH v2 11/11] sh/dwarf: use rbtree postorder iteration helper instead of solution using repeated Cody P Schafer
2013-11-07 1:42 ` [PATCH v2 11/11] sh/dwarf: use rbtree postorder iteration helper instead of solution using repeated rb_erase() Cody P Schafer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1383788572-25938-2-git-send-email-cody@linux.vnet.ibm.com \
--to=cody@linux.vnet.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=jack@suse.cz \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rostedt@goodmis.org \
--cc=sjenning@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.