linux/lib
David Howells ce82653d6c radix_tree_tag_get() is not as safe as the docs make out [ver #2]
radix_tree_tag_get() is not safe to use concurrently with radix_tree_tag_set()
or radix_tree_tag_clear().  The problem is that the double tag_get() in
radix_tree_tag_get():

		if (!tag_get(node, tag, offset))
			saw_unset_tag = 1;
		if (height == 1) {
			int ret = tag_get(node, tag, offset);

may see the value change due to the action of set/clear.  RCU is no protection
against this as no pointers are being changed, no nodes are being replaced
according to a COW protocol - set/clear alter the node directly.

The documentation in linux/radix-tree.h, however, says that
radix_tree_tag_get() is an exception to the rule that "any function modifying
the tree or tags (...) must exclude other modifications, and exclude any
functions reading the tree".

The problem is that the next statement in radix_tree_tag_get() checks that the
tag doesn't vary over time:

			BUG_ON(ret && saw_unset_tag);

This has been seen happening in FS-Cache:

	https://www.redhat.com/archives/linux-cachefs/2010-April/msg00013.html

To this end, remove the BUG_ON() from radix_tree_tag_get() and note in various
comments that the value of the tag may change whilst the RCU read lock is held,
and thus that the return value of radix_tree_tag_get() may not be relied upon
unless radix_tree_tag_set/clear() and radix_tree_delete() are excluded from
running concurrently with it.

Reported-by: Romain DEGEZ <romain.degez@smartjog.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-04-09 10:12:03 -07:00
..
lzo lib: add support for LZO-compressed kernels 2010-01-11 09:34:04 -08:00
reed_solomon
zlib_deflate trivial: fix typo "to to" in multiple files 2009-09-21 15:14:55 +02:00
zlib_inflate inflate_fast: sout is already a short so ptr arith was off by one. 2010-03-12 15:52:44 -08:00
.gitignore
argv_split.c tree-wide: convert open calls to remove spaces to skip_spaces() lib function 2009-12-15 08:53:32 -08:00
atomic64.c lib: export generic atomic64_t functions 2009-07-29 19:10:35 -07:00
audit.c
bcd.c rtc: BCD codeshrink 2008-07-24 10:47:33 -07:00
bitmap.c bitmap: use for_each_set_bit() 2010-03-06 11:26:35 -08:00
bitrev.c
btree.c [LogFS] add new flash file system 2009-11-20 20:13:39 +01:00
bug.c allow bug table entries to use relative pointers (and use it on x86-64) 2008-12-16 18:40:32 +01:00
bust_spinlocks.c oops handling: ensure that any oops is flushed to the mtdoops console 2009-01-06 15:59:11 -08:00
check_signature.c
checksum.c lib/checksum: fix one more thinko 2009-11-03 16:06:53 +01:00
cmdline.c generic, memparse(): constify argument 2008-07-28 15:05:23 +02:00
cpumask.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
crc7.c
crc16.c
crc32.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
crc32defs.h
crc-ccitt.c
crc-itu-t.c
crc-t10dif.c [SCSI] lib: Add support for the T10 (SCSI) Data Integrity Field CRC 2008-07-12 08:22:32 -05:00
ctype.c ctype: constify read-only _ctype string 2009-12-15 08:53:32 -08:00
debug_locks.c rcu: Introduce lockdep-based checking to RCU read-side primitives 2010-02-25 09:40:59 +01:00
debugobjects.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
dec_and_lock.c atomic: only take lock when the counter drops to zero on UP as well 2009-06-16 19:47:47 -07:00
decompress_bunzip2.c bzip2: Add missing checks for malloc returning NULL 2009-12-15 14:04:19 -08:00
decompress_inflate.c lzma/gzip: fix potential oops when input data is truncated 2009-09-24 07:21:05 -07:00
decompress_unlzma.c lzma/gzip: fix potential oops when input data is truncated 2009-09-24 07:21:05 -07:00
decompress_unlzo.c lib: add support for LZO-compressed kernels 2010-01-11 09:34:04 -08:00
decompress.c Add LZO compression support for initramfs and old-style initrd 2010-01-11 09:34:05 -08:00
devres.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
div64.c
dma-debug.c Merge branches 'amd-iommu/fixes' and 'dma-debug/fixes' into iommu/fixes 2010-01-22 18:00:41 +01:00
dump_stack.c
dynamic_debug.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
extable.c module: trim exception table on init free. 2009-06-12 21:47:04 +09:30
fault-inject.c headers: remove sched.h from interrupt.h 2009-10-11 11:20:58 -07:00
find_last_bit.c bitmap: find_last_bit() 2009-01-01 10:12:19 +10:30
find_next_bit.c
flex_array.c flex_array: add missing kerneldoc annotations 2009-09-22 07:17:47 -07:00
gcd.c lib: add lib/gcd.c 2009-06-18 13:04:05 -07:00
gen_crc32table.c
genalloc.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
halfmd4.c
hexdump.c hexdump: remove the trailing space 2009-06-16 19:47:51 -07:00
hweight.c x86, core: Optimize hweight32() 2009-12-28 10:41:39 +01:00
idr.c idr: Apply lockdep-based diagnostics to rcu_dereference() uses 2010-02-25 10:34:51 +01:00
inflate.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
int_sqrt.c
iomap_copy.c
iomap.c Use WARN() in lib/ 2008-07-26 12:00:07 -07:00
iommu-helper.c iommu-helper: use bitmap library 2009-12-16 07:20:18 -08:00
ioremap.c
irq_regs.c
is_single_threaded.c kernel: is_current_single_threaded: don't use ->mmap_sem 2009-07-17 09:11:31 +10:00
kasprintf.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
Kconfig Revert "lib: build list_sort() only if needed" 2010-03-07 09:54:44 -08:00
Kconfig.debug microblaze: Enable memory leak detector 2010-04-07 07:27:26 +02:00
Kconfig.kgdb kgdb: remove the requirement for CONFIG_FRAME_POINTER 2008-08-01 08:39:34 -05:00
Kconfig.kmemcheck kmemcheck: depend on HAVE_ARCH_KMEMCHECK 2009-07-01 22:28:44 +02:00
kernel_lock.c bkl: Fixup core_lock fallout 2009-12-14 23:55:33 +01:00
klist.c driver core: Remove completion from struct klist_node 2009-01-06 10:44:30 -08:00
kobject_uevent.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
kobject.c Driver core: Constify struct sysfs_ops in struct kobj_type 2010-03-07 17:04:49 -08:00
kref.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
libcrc32c.c libcrc32c: Fix "crc32c undefined" compilation error 2008-12-25 11:01:42 +11:00
list_debug.c list debugging: use WARN() instead of BUG() 2008-07-25 10:53:29 -07:00
list_sort.c lib: revise list_sort() header comment 2010-03-06 11:26:35 -08:00
lmb.c lmb: Add lmb_free() 2010-02-03 17:39:50 +11:00
locking-selftest-hardirq.h
locking-selftest-mutex.h
locking-selftest-rlock-hardirq.h
locking-selftest-rlock-softirq.h
locking-selftest-rlock.h
locking-selftest-rsem.h
locking-selftest-softirq.h
locking-selftest-spin-hardirq.h
locking-selftest-spin-softirq.h
locking-selftest-spin.h
locking-selftest-wlock-hardirq.h
locking-selftest-wlock-softirq.h
locking-selftest-wlock.h
locking-selftest-wsem.h
locking-selftest.c locking: rename trace_softirq_[enter|exit] => lockdep_softirq_[enter|exit] 2009-03-13 01:32:36 +01:00
lru_cache.c The DRBD driver 2009-10-01 21:17:49 +02:00
Makefile Revert "lib: build list_sort() only if needed" 2010-03-07 09:54:44 -08:00
nlattr.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2009-03-26 22:45:23 -07:00
parser.c parser: remove unnecessary strlen() 2009-12-15 08:53:33 -08:00
percpu_counter.c Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2009-01-06 17:10:04 -08:00
plist.c plist: Make plist debugging raw_spinlock aware 2009-12-14 23:55:33 +01:00
prio_heap.c lib: fix sparse shadowed variable warning 2009-01-06 15:59:11 -08:00
prio_tree.c
proportions.c Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2009-01-06 17:10:04 -08:00
radix-tree.c radix_tree_tag_get() is not as safe as the docs make out [ver #2] 2010-04-09 10:12:03 -07:00
random32.c random32: seeding improvement 2008-07-30 16:29:19 -07:00
ratelimit.c ratelimit: fix the return value when __ratelimit() fails to acquire the lock 2010-04-07 08:38:04 -07:00
rational.c lib/rational.c needs module.h 2010-01-11 09:34:05 -08:00
rbtree.c rb_tree: remove redundant if()-condition in rb_erase() 2009-06-16 19:47:56 -07:00
reciprocal_div.c
rwsem-spinlock.c rwsem generic spinlock: use IRQ save/restore spinlocks 2010-04-07 16:15:05 -07:00
rwsem.c
scatterlist.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
sha1.c
show_mem.c mm: use the same log level for show_mem() 2010-03-06 11:26:27 -08:00
smp_processor_id.c cpumask: convert lib/smp_processor_id to new cpumask ops 2009-01-30 15:47:34 +01:00
sort.c generic swap(): lib/sort.c: rename swap to swap_func 2009-01-08 08:31:14 -08:00
spinlock_debug.c locking: Further name space cleanups 2009-12-14 23:55:33 +01:00
string_helpers.c [SCSI] lib: string_get_size(): don't hang on zero; no decimals on exact 2008-10-23 11:42:20 -05:00
string.c lib/string.c: simplify strnstr() 2010-03-06 11:26:35 -08:00
swiotlb.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
syscall.c task_current_syscall 2008-07-26 12:00:10 -07:00
textsearch.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ts_bm.c textsearch: ts_bm: support case insensitive searching in Boyer-Moore algorithm 2008-07-08 02:37:54 -07:00
ts_fsm.c textsearch: ts_fsm: return error on request for case insensitive search 2008-07-08 02:38:27 -07:00
ts_kmp.c textsearch: ts_kmp: support case insensitive searching in Knuth-Morris-Pratt algorithm 2008-07-08 02:38:09 -07:00
vsprintf.c resource: add window support 2010-03-14 20:08:36 -04:00