diff mbox series

padata: Fix list iterator in padata_do_serial()

Message ID 20221117012804.62514-1-daniel.m.jordan@oracle.com (mailing list archive)
State Accepted
Delegated to: Herbert Xu
Headers show
Series padata: Fix list iterator in padata_do_serial() | expand

Commit Message

Daniel Jordan Nov. 17, 2022, 1:28 a.m. UTC 
list_for_each_entry_reverse() assumes that the iterated list is nonempty
and that every list_head is embedded in the same type, but its use in
padata_do_serial() breaks both rules.

This doesn't cause any issues now because padata_priv and padata_list
happen to have their list fields at the same offset, but we really
shouldn't be relying on that.

Fixes: bfde23ce200e ("padata: unbind parallel jobs from specific CPUs")
Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
---
 kernel/padata.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

Comments

Herbert Xu Nov. 25, 2022, 9:45 a.m. UTC | #1 
On Wed, Nov 16, 2022 at 08:28:04PM -0500, Daniel Jordan wrote:
> list_for_each_entry_reverse() assumes that the iterated list is nonempty
> and that every list_head is embedded in the same type, but its use in
> padata_do_serial() breaks both rules.
> 
> This doesn't cause any issues now because padata_priv and padata_list
> happen to have their list fields at the same offset, but we really
> shouldn't be relying on that.
> 
> Fixes: bfde23ce200e ("padata: unbind parallel jobs from specific CPUs")
> Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
> ---
>  kernel/padata.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)

Patch applied.  Thanks.
diff mbox series

Patch

diff --git a/kernel/padata.c b/kernel/padata.c
index 97f51e0c1776..de90af5fcbe6 100644
--- a/kernel/padata.c
+++ b/kernel/padata.c
@@ -390,13 +390,16 @@  void padata_do_serial(struct padata_priv *padata)
 	int hashed_cpu = padata_cpu_hash(pd, padata->seq_nr);
 	struct padata_list *reorder = per_cpu_ptr(pd->reorder_list, hashed_cpu);
 	struct padata_priv *cur;
+	struct list_head *pos;
 
 	spin_lock(&reorder->lock);
 	/* Sort in ascending order of sequence number. */
-	list_for_each_entry_reverse(cur, &reorder->list, list)
+	list_for_each_prev(pos, &reorder->list) {
+		cur = list_entry(pos, struct padata_priv, list);
 		if (cur->seq_nr < padata->seq_nr)
 			break;
-	list_add(&padata->list, &cur->list);
+	}
+	list_add(&padata->list, pos);
 	spin_unlock(&reorder->lock);
 
 	/*