1
linux/lib
Tejun Heo d2e7276b6b idr: fix a critical misallocation bug, take#2
This is retry of reverted 859ddf0974
("idr: fix a critical misallocation bug") which contained two bugs.

* pa[idp->layers] should be cleared even if it's not used by
  sub_alloc() because it's used by mark idr_mark_full().

* The original condition check also assigned pa[l] to p which the new
  code didn't do thus leaving p pointing at the wrong layer.

Both problems have been fixed and the idr code has received good amount
testing using userland testing setup where simple bitmap allocator is
run parallel to verify the result of idr allocation.

The bug this patch fixes is caused by sub_alloc() optimization path
bypassing out-of-room condition check and restarting allocation loop
with starting value higher than maximum allowed value.  For detailed
description, please read commit message of 859ddf09.

Signed-off-by: Tejun Heo <tj@kernel.org>
Based-on-patch-from: Eric Paris <eparis@redhat.com>
Reported-by: Eric Paris <eparis@redhat.com>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Tested-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-02-22 19:50:34 -08:00
..
lzo lib: add support for LZO-compressed kernels 2010-01-11 09:34:04 -08:00
reed_solomon lib: Remove unnecessary inclusions of asm/semaphore.h 2008-04-18 22:17:17 -04:00
zlib_deflate trivial: fix typo "to to" in multiple files 2009-09-21 15:14:55 +02:00
zlib_inflate zlib: Fix build of powerpc boot wrapper 2010-01-13 16:13:39 -08:00
.gitignore
argv_split.c tree-wide: convert open calls to remove spaces to skip_spaces() lib function 2009-12-15 08:53:32 -08:00
atomic64.c lib: export generic atomic64_t functions 2009-07-29 19:10:35 -07:00
audit.c
bcd.c rtc: BCD codeshrink 2008-07-24 10:47:33 -07:00
bitmap.c bitmap: introduce bitmap_set, bitmap_clear, bitmap_find_next_zero_area 2009-12-16 07:20:18 -08:00
bitrev.c lib: export bitrev16 2008-06-06 11:29:10 -07:00
bug.c allow bug table entries to use relative pointers (and use it on x86-64) 2008-12-16 18:40:32 +01:00
bust_spinlocks.c oops handling: ensure that any oops is flushed to the mtdoops console 2009-01-06 15:59:11 -08:00
check_signature.c
checksum.c lib/checksum: fix one more thinko 2009-11-03 16:06:53 +01:00
cmdline.c generic, memparse(): constify argument 2008-07-28 15:05:23 +02:00
cpumask.c x86: remove some alloc_bootmem_cpumask_var calling 2009-06-11 19:27:07 +03:00
crc7.c
crc16.c
crc32.c crc32: minor optimizations and cleanup 2009-12-15 08:53:35 -08:00
crc32defs.h
crc-ccitt.c
crc-itu-t.c
crc-t10dif.c [SCSI] lib: Add support for the T10 (SCSI) Data Integrity Field CRC 2008-07-12 08:22:32 -05:00
ctype.c ctype: constify read-only _ctype string 2009-12-15 08:53:32 -08:00
debug_locks.c lockdep: warn about lockdep disabling after kernel taint 2009-04-12 16:10:51 +02:00
debugobjects.c debugobjects: Convert to raw_spinlocks 2009-12-14 23:55:34 +01:00
dec_and_lock.c atomic: only take lock when the counter drops to zero on UP as well 2009-06-16 19:47:47 -07:00
decompress_bunzip2.c bzip2: Add missing checks for malloc returning NULL 2009-12-15 14:04:19 -08:00
decompress_inflate.c lzma/gzip: fix potential oops when input data is truncated 2009-09-24 07:21:05 -07:00
decompress_unlzma.c lzma/gzip: fix potential oops when input data is truncated 2009-09-24 07:21:05 -07:00
decompress_unlzo.c lib: add support for LZO-compressed kernels 2010-01-11 09:34:04 -08:00
decompress.c Add LZO compression support for initramfs and old-style initrd 2010-01-11 09:34:05 -08:00
devres.c [POWERPC] devres: Add devm_ioremap_prot() 2008-05-05 16:47:14 +10:00
div64.c add an inlined version of iter_div_u64_rem 2008-06-12 10:47:58 +02:00
dma-debug.c Merge branches 'amd-iommu/fixes' and 'dma-debug/fixes' into iommu/fixes 2010-01-22 18:00:41 +01:00
dump_stack.c
dynamic_debug.c tree-wide: convert open calls to remove spaces to skip_spaces() lib function 2009-12-15 08:53:32 -08:00
extable.c module: trim exception table on init free. 2009-06-12 21:47:04 +09:30
fault-inject.c headers: remove sched.h from interrupt.h 2009-10-11 11:20:58 -07:00
find_last_bit.c bitmap: find_last_bit() 2009-01-01 10:12:19 +10:30
find_next_bit.c bitops: remove "optimizations" 2008-04-29 08:11:16 -07:00
flex_array.c flex_array: add missing kerneldoc annotations 2009-09-22 07:17:47 -07:00
gcd.c lib: add lib/gcd.c 2009-06-18 13:04:05 -07:00
gen_crc32table.c
genalloc.c genalloc: use bitmap_find_next_zero_area 2009-12-16 07:20:21 -08:00
halfmd4.c
hexdump.c hexdump: remove the trailing space 2009-06-16 19:47:51 -07:00
hweight.c
idr.c idr: fix a critical misallocation bug, take#2 2010-02-22 19:50:34 -08:00
inflate.c Nicolas Pitre has a new email address 2009-09-15 09:37:12 -07:00
int_sqrt.c
iomap_copy.c
iomap.c Use WARN() in lib/ 2008-07-26 12:00:07 -07:00
iommu-helper.c iommu-helper: use bitmap library 2009-12-16 07:20:18 -08:00
ioremap.c
irq_regs.c
is_single_threaded.c kernel: is_current_single_threaded: don't use ->mmap_sem 2009-07-17 09:11:31 +10:00
kasprintf.c
Kconfig Add LZO compression support for initramfs and old-style initrd 2010-01-11 09:34:05 -08:00
Kconfig.debug Merge branch 'kmemleak' of git://linux-arm.org/linux-2.6 2009-12-17 16:00:19 -08:00
Kconfig.kgdb kgdb: remove the requirement for CONFIG_FRAME_POINTER 2008-08-01 08:39:34 -05:00
Kconfig.kmemcheck kmemcheck: depend on HAVE_ARCH_KMEMCHECK 2009-07-01 22:28:44 +02:00
kernel_lock.c bkl: Fixup core_lock fallout 2009-12-14 23:55:33 +01:00
klist.c driver core: Remove completion from struct klist_node 2009-01-06 10:44:30 -08:00
kobject_uevent.c driver core: allow non-root users to listen to uevents 2009-04-16 16:17:09 -07:00
kobject.c kobject: make kset_create check kobject_set_name return value 2009-06-15 21:30:24 -07:00
kref.c
libcrc32c.c libcrc32c: Fix "crc32c undefined" compilation error 2008-12-25 11:01:42 +11:00
list_debug.c list debugging: use WARN() instead of BUG() 2008-07-25 10:53:29 -07:00
list_sort.c lib: Introduce generic list_sort function 2010-01-12 21:02:00 -08:00
lmb.c powerpc: allow ioremap within reserved memory regions 2009-12-12 22:24:32 -07:00
locking-selftest-hardirq.h
locking-selftest-mutex.h
locking-selftest-rlock-hardirq.h
locking-selftest-rlock-softirq.h
locking-selftest-rlock.h
locking-selftest-rsem.h
locking-selftest-softirq.h
locking-selftest-spin-hardirq.h
locking-selftest-spin-softirq.h
locking-selftest-spin.h
locking-selftest-wlock-hardirq.h
locking-selftest-wlock-softirq.h
locking-selftest-wlock.h
locking-selftest-wsem.h
locking-selftest.c locking: rename trace_softirq_[enter|exit] => lockdep_softirq_[enter|exit] 2009-03-13 01:32:36 +01:00
lru_cache.c The DRBD driver 2009-10-01 21:17:49 +02:00
Makefile lib: Introduce generic list_sort function 2010-01-12 21:02:00 -08:00
nlattr.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2009-03-26 22:45:23 -07:00
parser.c parser: remove unnecessary strlen() 2009-12-15 08:53:33 -08:00
percpu_counter.c Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2009-01-06 17:10:04 -08:00
plist.c plist: Make plist debugging raw_spinlock aware 2009-12-14 23:55:33 +01:00
prio_heap.c lib: fix sparse shadowed variable warning 2009-01-06 15:59:11 -08:00
prio_tree.c
proportions.c Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2009-01-06 17:10:04 -08:00
radix-tree.c FS-Cache: Don't delete pending pages from the page-store tracking tree 2009-11-19 18:11:29 +00:00
random32.c random32: seeding improvement 2008-07-30 16:29:19 -07:00
ratelimit.c ratelimit: Make suppressed output messages more useful 2009-10-23 17:26:37 +02:00
rational.c lib/rational.c needs module.h 2010-01-11 09:34:05 -08:00
rbtree.c rb_tree: remove redundant if()-condition in rb_erase() 2009-06-16 19:47:56 -07:00
reciprocal_div.c
rwsem-spinlock.c rwsem: fix rwsem_is_locked() bugs 2009-12-15 08:53:26 -08:00
rwsem.c
scatterlist.c lib/scatterlist: add a flags to signalize mapping direction 2009-07-31 12:28:45 +02:00
sha1.c
show_mem.c lib: generic show_mem() 2008-07-26 12:00:10 -07:00
smp_processor_id.c cpumask: convert lib/smp_processor_id to new cpumask ops 2009-01-30 15:47:34 +01:00
sort.c generic swap(): lib/sort.c: rename swap to swap_func 2009-01-08 08:31:14 -08:00
spinlock_debug.c locking: Further name space cleanups 2009-12-14 23:55:33 +01:00
string_helpers.c [SCSI] lib: string_get_size(): don't hang on zero; no decimals on exact 2008-10-23 11:42:20 -05:00
string.c lib: Introduce strnstr() 2010-01-14 22:38:09 -05:00
swiotlb.c dma-mapping: fix off-by-one error in dma_capable() 2009-12-16 07:20:12 -08:00
syscall.c task_current_syscall 2008-07-26 12:00:10 -07:00
textsearch.c remove CONFIG_KMOD from lib 2008-07-22 19:24:31 +10:00
ts_bm.c textsearch: ts_bm: support case insensitive searching in Boyer-Moore algorithm 2008-07-08 02:37:54 -07:00
ts_fsm.c textsearch: ts_fsm: return error on request for case insensitive search 2008-07-08 02:38:27 -07:00
ts_kmp.c textsearch: ts_kmp: support case insensitive searching in Knuth-Morris-Pratt algorithm 2008-07-08 02:38:09 -07:00
vsprintf.c vsnprintf: fix reference for compressed ipv6 addresses 2010-01-11 09:34:06 -08:00