diff options
| author | Liam R. Howlett <Liam.Howlett@Oracle.com> | 2023-04-11 11:10:44 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2023-04-13 16:55:38 +0200 |
| commit | 2c9bc4903b96da06220c81b056d6506b2e8e50ad (patch) | |
| tree | 6f9b37ffd2e7c8387202b5dbdc56e1b0f3690aca /lib | |
| parent | f41e9e69277b08db8eab5f23715f17eb34418953 (diff) | |
| download | linux-2c9bc4903b96da06220c81b056d6506b2e8e50ad.tar.gz | |
maple_tree: reduce user error potential
commit 50e81c82ad947045c7ed26ddc9acb17276b653b6 upstream.
When iterating, a user may operate on the tree and cause the maple state
to be altered and left in an unintuitive state. Detect this scenario and
correct it by setting to the limit and invalidating the state.
Link: https://lkml.kernel.org/r/20230120162650.984577-4-Liam.Howlett@oracle.com
Cc: <Stable@vger.kernel.org>
Fixes: 54a611b60590 ("Maple Tree: add new data structure")
Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/maple_tree.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/maple_tree.c b/lib/maple_tree.c index f8e1e85dd7a6..360b4bbccd33 100644 --- a/lib/maple_tree.c +++ b/lib/maple_tree.c @@ -4731,6 +4731,11 @@ static inline void *mas_next_entry(struct ma_state *mas, unsigned long limit) unsigned long last; enum maple_type mt; + if (mas->index > limit) { + mas->index = mas->last = limit; + mas_pause(mas); + return NULL; + } last = mas->last; retry: offset = mas->offset; @@ -4837,6 +4842,11 @@ static inline void *mas_prev_entry(struct ma_state *mas, unsigned long min) { void *entry; + if (mas->index < min) { + mas->index = mas->last = min; + mas_pause(mas); + return NULL; + } retry: while (likely(!mas_is_none(mas))) { entry = mas_prev_nentry(mas, min, mas->index); |