[PATCH] lib/idr.c: Zero memory properly in idr_remove_all
From: David Moore
Date: Sat Jan 10 2009 - 02:05:33 EST
From: David Moore <dcm@xxxxxxx>
The idr_remove_all() function returns unused slabs to the kmem cache,
but needs to zero them first or else they will be uninitialized upon
next use. This fixes crashes which have been observed in the firewire
subsystem.
Signed-off-by: David Moore <dcm@xxxxxxx>
---
lib/idr.c | 16 +++++++++++++++-
1 files changed, 15 insertions(+), 1 deletions(-)
diff --git a/lib/idr.c b/lib/idr.c
index 1c4f928..69c3455 100644
--- a/lib/idr.c
+++ b/lib/idr.c
@@ -65,6 +65,20 @@ static inline void free_layer(struct idr_layer *p)
call_rcu(&p->rcu_head, idr_layer_rcu_free);
}
+static void idr_layer_rcu_free_zero(struct rcu_head *head)
+{
+ struct idr_layer *layer;
+
+ layer = container_of(head, struct idr_layer, rcu_head);
+ memset(layer, 0, sizeof(struct idr_layer));
+ kmem_cache_free(idr_layer_cache, layer);
+}
+
+static inline void free_layer_zero(struct idr_layer *p)
+{
+ call_rcu(&p->rcu_head, idr_layer_rcu_free_zero);
+}
+
/* only called when idp->lock is held */
static void __move_to_free_list(struct idr *idp, struct idr_layer *p)
{
@@ -462,7 +476,7 @@ void idr_remove_all(struct idr *idp)
id += 1 << n;
while (n < fls(id)) {
if (p)
- free_layer(p);
+ free_layer_zero(p);
n += IDR_BITS;
p = *--paa;
}
--
1.6.0.6
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/