On Thu, 6 Dec 2018 05:36:20 -0800
Matthew Wilcox <wi...@infradead.org> wrote:
> On Thu, Dec 06, 2018 at 08:54:03AM +0100, Greg Kurz wrote:
> > Commit 66ee620f06f9 ("idr: Permit any valid kernel pointer to
> > be stored") changed the radix tree lookup so that it stops when
> > reaching the bottom of the tree. But radix_tree_descend() may have
> > changed the node variable to point to an internal entry which then
> > gets returned to the caller and bad things may happen.
>
> > pe_data is equal to R3 which is the return value of radix_tree_lookup(),
> > ie, 0x406 == RADIX_TREE_RETRY.
>
> Thank you for the report and the debugging! I've decided to fix the
> problem slightly differently, and I've also added a test to the test-suite
Heh this is the fix I came up with initially, but then I wasn't sure
if other kind of internal entries could possibly be returned by
radix_tree_descend() so I tried to be smarter... I should have sticked
to my initial intuition :)
> that reproduces the problem in only a few iterations (the largest I've
> seen is a few hundred; and often it'll reproduce in under twenty).
>
> You can see it here:
> http://git.infradead.org/users/willy/linux-dax.git/commitdiff/eff3860bbfedbac6edac57fb0d7f3a60e860c1c3
>
You can add:
Reviewed-by: Greg Kurz <gr...@kaod.org>
Tested-by: Greg Kurz <gr...@kaod.org>
> I'll give the build bots a couple of days to chew on it and then ask
> Linus to pull it.
Great !
Cheers,
--
Greg
