[6.6,07/28] maple_tree: make mas_erase() more robust

Message ID	20241024132009.2267260-8-yukuai1@huaweicloud.com (mailing list archive)
State	New
Headers	show Return-Path: <owner-linux-mm@kvack.org> From: Yu Kuai <yukuai1@huaweicloud.com> To: stable@vger.kernel.org, gregkh@linuxfoundation.org, harry.wentland@amd.com, sunpeng.li@amd.com, Rodrigo.Siqueira@amd.com, alexander.deucher@amd.com, christian.koenig@amd.com, Xinhui.Pan@amd.com, airlied@gmail.com, daniel@ffwll.ch, viro@zeniv.linux.org.uk, brauner@kernel.org, Liam.Howlett@oracle.com, akpm@linux-foundation.org, hughd@google.com, willy@infradead.org, sashal@kernel.org, srinivasan.shanmugam@amd.com, chiahsuan.chung@amd.com, mingo@kernel.org, mgorman@techsingularity.net, yukuai3@huawei.com, chengming.zhou@linux.dev, zhangpeng.00@bytedance.com, chuck.lever@oracle.com Cc: amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, maple-tree@lists.infradead.org, linux-mm@kvack.org, yukuai1@huaweicloud.com, yi.zhang@huawei.com, yangerkun@huawei.com Subject: [PATCH 6.6 07/28] maple_tree: make mas_erase() more robust Date: Thu, 24 Oct 2024 21:19:48 +0800 Message-Id: <20241024132009.2267260-8-yukuai1@huaweicloud.com> In-Reply-To: <20241024132009.2267260-1-yukuai1@huaweicloud.com> References: <20241024132009.2267260-1-yukuai1@huaweicloud.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	fix CVE-2024-46701 \| expand [6.6,00/28] fix CVE-2024-46701 [6.6,01/28] maple_tree: add mt_free_one() and mt_attr() helpers [6.6,02/28] maple_tree: introduce {mtree,mas}_lock_nested() [6.6,03/28] maple_tree: introduce interfaces __mt_dup() and mtree_dup() [6.6,04/28] maple_tree: skip other tests when BENCH is enabled [6.6,05/28] maple_tree: preserve the tree attributes when destroying maple tree [6.6,06/28] maple_tree: remove unnecessary default labels from switch statements [6.6,07/28] maple_tree: make mas_erase() more robust [6.6,08/28] maple_tree: move debug check to __mas_set_range() [6.6,09/28] maple_tree: add end of node tracking to the maple state [6.6,10/28] maple_tree: use cached node end in mas_next() [6.6,11/28] maple_tree: use cached node end in mas_destroy() [6.6,12/28] maple_tree: clean up inlines for some functions [6.6,13/28] maple_tree: add test for mtree_dup() [6.6,14/28] maple_tree: separate ma_state node from status [6.6,15/28] maple_tree: remove mas_searchable() [6.6,16/28] Revert "maple_tree: correct tree corruption on spanning store" [6.6,17/28] maple_tree: use maple state end for write operations [6.6,18/28] maple_tree: don't find node end in mtree_lookup_walk() [6.6,19/28] maple_tree: mtree_range_walk() clean up [6.6,20/28] lib/maple_tree.c: fix build error due to hotfix alteration [6.6,21/28] maple_tree: avoid checking other gaps after getting the largest gap [6.6,22/28] libfs: Re-arrange locking in offset_iterate_dir() [6.6,23/28] libfs: Define a minimum directory offset [6.6,24/28] libfs: Add simple_offset_empty() [6.6,25/28] maple_tree: Add mtree_alloc_cyclic() [6.6,26/28] libfs: Convert simple directory offsets to use a Maple Tree [6.6,27/28] libfs: fix infinite directory reads for offset dir [6.6,28/28] maple_tree: correct tree corruption on spanning store

Message ID

20241024132009.2267260-8-yukuai1@huaweicloud.com (mailing list archive)

State

New

Headers

From: Yu Kuai <yukuai1@huaweicloud.com>
To: stable@vger.kernel.org,
	gregkh@linuxfoundation.org,
	harry.wentland@amd.com,
	sunpeng.li@amd.com,
	Rodrigo.Siqueira@amd.com,
	alexander.deucher@amd.com,
	christian.koenig@amd.com,
	Xinhui.Pan@amd.com,
	airlied@gmail.com,
	daniel@ffwll.ch,
	viro@zeniv.linux.org.uk,
	brauner@kernel.org,
	Liam.Howlett@oracle.com,
	akpm@linux-foundation.org,
	hughd@google.com,
	willy@infradead.org,
	sashal@kernel.org,
	srinivasan.shanmugam@amd.com,
	chiahsuan.chung@amd.com,
	mingo@kernel.org,
	mgorman@techsingularity.net,
	yukuai3@huawei.com,
	chengming.zhou@linux.dev,
	zhangpeng.00@bytedance.com,
	chuck.lever@oracle.com
Cc: amd-gfx@lists.freedesktop.org,
	dri-devel@lists.freedesktop.org,
	linux-kernel@vger.kernel.org,
	linux-fsdevel@vger.kernel.org,
	maple-tree@lists.infradead.org,
	linux-mm@kvack.org,
	yukuai1@huaweicloud.com,
	yi.zhang@huawei.com,
	yangerkun@huawei.com
Subject: [PATCH 6.6 07/28] maple_tree: make mas_erase() more robust
Date: Thu, 24 Oct 2024 21:19:48 +0800
Message-Id: <20241024132009.2267260-8-yukuai1@huaweicloud.com>
In-Reply-To: <20241024132009.2267260-1-yukuai1@huaweicloud.com>
References: <20241024132009.2267260-1-yukuai1@huaweicloud.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-linux-mm@kvack.org
Precedence: bulk

Series

fix CVE-2024-46701 | expand

Commit Message

Yu Kuai Oct. 24, 2024, 1:19 p.m. UTC

From: "Liam R. Howlett" <Liam.Howlett@oracle.com>

commit f7a59018953910032231c0a019208c4b0a4a8bc3 upstream.

mas_erase() may not deal correctly with all maple states.  Make the
function more robust by ensuring the state is in one of the two acceptable
states.

Link: https://lkml.kernel.org/r/20231101171629.3612299-3-Liam.Howlett@oracle.com
Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Cc: Peng Zhang <zhangpeng.00@bytedance.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
---
 lib/maple_tree.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/maple_tree.c b/lib/maple_tree.c
index 9de2e3dfdfcc..e4d0df3980e0 100644
--- a/lib/maple_tree.c
+++ b/lib/maple_tree.c
@@ -6184,7 +6184,7 @@  void *mas_erase(struct ma_state *mas)
 	void *entry;
 	MA_WR_STATE(wr_mas, mas, NULL);
 
-	if (mas_is_none(mas) || mas_is_paused(mas))
+	if (!mas_is_active(mas) || !mas_is_start(mas))
 		mas->node = MAS_START;
 
 	/* Retry unnecessary when holding the write lock. */

[6.6,07/28] maple_tree: make mas_erase() more robust

Commit Message

Patch