1. Patchew
  2. linux
  3. View series

[PATCH] padata: Fix list iterator in padata_do_serial()

Daniel Jordan posted 1 patch 3 years, 4 months ago 
kernel/padata.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
[PATCH] padata: Fix list iterator in padata_do_serial()
Posted by Daniel Jordan 3 years, 4 months ago 
list_for_each_entry_reverse() assumes that the iterated list is nonempty
and that every list_head is embedded in the same type, but its use in
padata_do_serial() breaks both rules.

This doesn't cause any issues now because padata_priv and padata_list
happen to have their list fields at the same offset, but we really
shouldn't be relying on that.

Fixes: bfde23ce200e ("padata: unbind parallel jobs from specific CPUs")
Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
---
 kernel/padata.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/kernel/padata.c b/kernel/padata.c
index 97f51e0c1776..de90af5fcbe6 100644
--- a/kernel/padata.c
+++ b/kernel/padata.c
@@ -390,13 +390,16 @@ void padata_do_serial(struct padata_priv *padata)
 	int hashed_cpu = padata_cpu_hash(pd, padata->seq_nr);
 	struct padata_list *reorder = per_cpu_ptr(pd->reorder_list, hashed_cpu);
 	struct padata_priv *cur;
+	struct list_head *pos;
 
 	spin_lock(&reorder->lock);
 	/* Sort in ascending order of sequence number. */
-	list_for_each_entry_reverse(cur, &reorder->list, list)
+	list_for_each_prev(pos, &reorder->list) {
+		cur = list_entry(pos, struct padata_priv, list);
 		if (cur->seq_nr < padata->seq_nr)
 			break;
-	list_add(&padata->list, &cur->list);
+	}
+	list_add(&padata->list, pos);
 	spin_unlock(&reorder->lock);
 
 	/*
-- 
2.38.1
Re: [PATCH] padata: Fix list iterator in padata_do_serial()
Posted by Herbert Xu 3 years, 4 months ago 
On Wed, Nov 16, 2022 at 08:28:04PM -0500, Daniel Jordan wrote:
> list_for_each_entry_reverse() assumes that the iterated list is nonempty
> and that every list_head is embedded in the same type, but its use in
> padata_do_serial() breaks both rules.
> 
> This doesn't cause any issues now because padata_priv and padata_list
> happen to have their list fields at the same offset, but we really
> shouldn't be relying on that.
> 
> Fixes: bfde23ce200e ("padata: unbind parallel jobs from specific CPUs")
> Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
> ---
>  kernel/padata.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.