ida: Fix crash in ida_free when the bitmap is empty

Evolution-X-Devices/kernel_realme_sm7125

commit af73483f4e8b6f5c68c9aa63257bdd929a9c194a upstream.

The IDA usually detects double-frees, but that detection failed to
consider the case when there are no nearby IDs allocated and so we have a
NULL bitmap rather than simply having a clear bit.  Add some tests to the
test-suite to be sure we don't inadvertently reintroduce this problem.
Unfortunately they're quite noisy so include a message to disregard
the warnings.

Reported-by: Zhenghan Wang <wzhmmmmm@gmail.com>
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 89db5346acb5a15e670c4fb3b8f3c30fa30ebc15)
[Vegard: remove changes to lib/test_ida.c which does not exist in 4.14.]
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>

This commit is contained in:

Matthew Wilcox (Oracle)

2023-12-21 16:53:57 +00:00

committed by

theshaenix

parent 1b3761a640

commit 26a9907073

1 changed files with 1 additions and 1 deletions

									
										2

lib/idr.c
									
												View File
												
				@@ -387,7 +387,7 @@ void ida_remove(struct ida *ida, int id)

					} else {

						btmp = bitmap->bitmap;

					}

					if (!test_bit(offset, btmp))

					if (!bitmap || !test_bit(offset, btmp))

						goto err;

					__clear_bit(offset, btmp);

ida: Fix crash in ida_free when the bitmap is empty

2 lib/idr.c Unescape Escape View File

2

lib/idr.c

View File