From patchwork Fri Jan 11 20:58:43 2019
X-Patchwork-Submitter: Qian Cai
X-Patchwork-Id: 10760685
From: Qian Cai
To: akpm@linux-foundation.org
Cc: esploit@protonmail.ch, jejb@linux.ibm.com, dgilbert@interlog.com, martin.petersen@oracle.com, joeypabalinas@gmail.com, walken@google.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Qian Cai
Subject: [PATCH v2] rbtree: fix the red root
Date: Fri, 11 Jan 2019 15:58:43 -0500
Message-Id: <20190111205843.25761-1-cai@lca.pw>
In-Reply-To: <20190111181600.GJ6310@bombadil.infradead.org>
References: <20190111181600.GJ6310@bombadil.infradead.org>

A GPF was reported,

kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
        kasan_die_handler.cold.22+0x11/0x31
        notifier_call_chain+0x17b/0x390
        atomic_notifier_call_chain+0xa7/0x1b0
        notify_die+0x1be/0x2e0
        do_general_protection+0x13e/0x330
        general_protection+0x1e/0x30
        rb_insert_color+0x189/0x1480
        create_object+0x785/0xca0
        kmemleak_alloc+0x2f/0x50
        kmem_cache_alloc+0x1b9/0x3c0
        getname_flags+0xdb/0x5d0
        getname+0x1e/0x20
        do_sys_open+0x3a1/0x7d0
        __x64_sys_open+0x7e/0xc0
        do_syscall_64+0x1b3/0x820
        entry_SYSCALL_64_after_hwframe+0x49/0xbe

It turned out,

	gparent = rb_red_parent(parent);
	tmp = gparent->rb_right; <-- GPF was triggered here.

Apparently, "gparent" is NULL which indicates "parent" is rbtree's root
which is red. Otherwise, it will be treated properly a few lines above.

	/*
	 * If there is a black parent, we are done.
	 * Otherwise, take some corrective action as,
	 * per 4), we don't want a red root or two
	 * consecutive red nodes.
	 */
	if(rb_is_black(parent))
		break;

Hence, it violates the rule #1 (the root can't be red) and needs a fix
up, and also add a regression test for it.
This looks like it was introduced by 6d58452dc06 where it no longer always
paints the root as black.

Fixes: 6d58452dc06 (rbtree: adjust root color in rb_insert_color() only when necessary)
Reported-by: Esme
Tested-by: Joey Pabalinas
Signed-off-by: Qian Cai
Tested-by: David Lechner
---

v2: add a regression test.

 lib/rbtree.c      |  7 +++++++
 lib/rbtree_test.c | 11 +++++++++++
 2 files changed, 18 insertions(+)

diff --git a/lib/rbtree.c b/lib/rbtree.c index d3ff682fd4b8..acc969ad8de9 100644 --- a/lib/rbtree.c +++ b/lib/rbtree.c @@ -127,6 +127,13 @@ __rb_insert(struct rb_node *node, struct rb_root *root, break; gparent = rb_red_parent(parent); + if (unlikely(!gparent)) { + /* + * The root is red so correct it. + */ + rb_set_parent_color(parent, NULL, RB_BLACK); + break; + } tmp = gparent->rb_right; if (parent != tmp) { /* parent == gparent->rb_left */ diff --git a/lib/rbtree_test.c b/lib/rbtree_test.c index b7055b2a07d3..afad0213a117 100644 --- a/lib/rbtree_test.c +++ b/lib/rbtree_test.c @@ -345,6 +345,17 @@ static int __init rbtree_test_init(void) check(0); } + /* + * a little regression test to catch a bug may be introduced by + * 6d58452dc06 (rbtree: adjust root color in rb_insert_color() only when + * necessary) + */ + insert(nodes, &root); + nodes->rb.__rb_parent_color = RB_RED; + insert(nodes + 1, &root); + erase(nodes + 1, &root); + erase(nodes, &root); + printk(KERN_ALERT "augmented rbtree testing"); init();
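
Review bot: In the lib/rbtree.c hunk, the new `if (unlikely(!gparent))` branch in __rb_insert() repaints the red root and breaks without reporting anything, so whatever left the root red stays hidden. The commit message establishes that the root is red at the time of the fault but does not show which path after 6d58452dc06 produces that state, and a red root can equally be the result of a caller or stray write corrupting the node. Consider wrapping the condition in WARN_ON_ONCE() so the invariant violation is logged at the point where it is repaired, and say in the comment that this is a recovery path for a broken tree rather than a normal rebalancing case.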
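
Review bot: In the lib/rbtree_test.c hunk, the regression test has no assertion: after `insert(nodes + 1, &root);` nothing verifies the tree, so the test passes on "did not crash" alone. Adding a check() call after the second insert, as the surrounding code does with `check(0);`, would confirm the root ends up black and the tree is valid. Note also that the red root is produced by assigning `nodes->rb.__rb_parent_color = RB_RED;` directly, which exercises the new branch but does not show that the library's own insert and erase paths can reach that state; the comment should say so, and its wording "a bug may be introduced by" needs fixing (for example "a bug that may have been introduced by").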