Date: Wed, 6 Jul 2022 15:08:56 +0100
From: Matthew Wilcox
To: Liu Shixin
Cc: Greg Kroah-Hartman, Andrew Morton, Jan Kara, William Kucharski, Christoph Hellwig, linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH 5.15 v3] mm/filemap: fix UAF in find_lock_entries
In-Reply-To: <20220706074527.1406924-1-liushixin2@huawei.com>

On Wed, Jul 06, 2022 at 03:45:27PM +0800, Liu Shixin wrote:
> rcu_read_lock();
> while ((page = find_get_entry(&xas, end, XA_PRESENT))) {
> + unsigned long next_idx = xas.xa_index;

It's confusing to have next_idx not be the actual next index. That was why I made it 'xas.xa_index + 1'. I know it's somewhat used as an indicator that we don't need to call xas_set(), and so it doesn't really matter, but let's say what we mean.
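
Review bot: the declaration added at the top of the loop body in the quoted hunk, `unsigned long next_idx = xas.xa_index;`, gives a variable named next_idx the index of the entry find_get_entry() just returned rather than the one after it. Either initialise it to `xas.xa_index + 1`, or keep the value and rename the variable to match. In both cases a one-line comment on the declaration should say that it also serves as the signal for whether xas_set() has to be called, since that second role is not evident from the name.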