Re: [PATCH v2 01/11] rbtree: Fix rbtree_postorder_for_each_entry_safe()iterator
From: Cody P Schafer
Date: Thu Nov 07 2013 - 16:58:38 EST
On 11/07/2013 01:38 PM, Andrew Morton wrote:
On Wed, 6 Nov 2013 17:42:30 -0800 Cody P Schafer <cody@xxxxxxxxxxxxxxxxxx> wrote:
The iterator rbtree_postorder_for_each_entry_safe() relies on pointer
underflow behavior when testing for loop termination. In particular
it expects that
&rb_entry(NULL, type, field)->field
is NULL. But the result of this expression is not defined by a C standard
and some gcc versions (e.g. 4.3.4) assume the above expression can never
be equal to NULL. The net result is an oops because the iteration is not
properly terminated.
Fix the problem by modifying the iterator to avoid pointer underflows.
So the sole caller is in zswap.c. Is that code actually generating oopses?
I can't reproduce the oopses (at all) with my build/gcc version, but Jan
has reported seeing them (not in zswap, however).
IOW, is there any need to fix this in 3.12 or earlier?
The zswap usage change showed up in 3.12.
In my opinion, it is probably a good idea to apply the fix to 3.12.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/