| Message ID | 20220517145913.3480729-1-Liam.Howlett@oracle.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | maple_tree: Fix mas_next() when already on the last node entry | expand |
Liam Howlett <liam.howlett@oracle.com> writes: > It is possible to return the metadata as the next entry if the last node > entry is already in the maple state and the limit is not reached. Check > for this condition in mas_next_nentry() where the node end is returned. > > Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Thanks, that matches my observation from the initial report that we're returing metadata. I just applied the patch to next-20220516 and i'm no longer able to trigger the crash. So feel free to add my: Tested-by: Sven Schnelle <svens@linux.ibm.com> However, as Heiko already wrote in another mail i would also like to request that the maple tree code isn't merged with the next merge window. These patches touch a lot of critical infrastructure, and i would like to have it in next for at least one development cycle, so we can be sure that we've seen and fixed most of the issues. Thanks, Sven > --- > lib/maple_tree.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/lib/maple_tree.c b/lib/maple_tree.c > index 967631055210..751aafd01c42 100644 > --- a/lib/maple_tree.c > +++ b/lib/maple_tree.c > @@ -4547,6 +4547,9 @@ static inline void *mas_next_nentry(struct ma_state *mas, > return NULL; > > count = ma_data_end(node, type, pivots, mas->max); > + if (mas->offset > count) > + return NULL; > + > while (mas->offset < count) { > pivot = pivots[mas->offset]; > entry = mas_slot(mas, slots, mas->offset);
diff --git a/lib/maple_tree.c b/lib/maple_tree.c index 967631055210..751aafd01c42 100644 --- a/lib/maple_tree.c +++ b/lib/maple_tree.c @@ -4547,6 +4547,9 @@ static inline void *mas_next_nentry(struct ma_state *mas, return NULL; count = ma_data_end(node, type, pivots, mas->max); + if (mas->offset > count) + return NULL; + while (mas->offset < count) { pivot = pivots[mas->offset]; entry = mas_slot(mas, slots, mas->offset);
It is possible to return the metadata as the next entry if the last node entry is already in the maple state and the limit is not reached. Check for this condition in mas_next_nentry() where the node end is returned. Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> --- lib/maple_tree.c | 3 +++ 1 file changed, 3 insertions(+)