lib/generic-radix-tree.c: Don't overflow in peek()

When we started spreading new inode numbers throughout most of the 64 bit inode space, that triggered some corner case bugs, in particular some integer overflows related to the radix tree code. Oops. Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com>
author: Kent Overstreet <kent.overstreet@gmail.com> 2021-02-12 20:11:25 -0500
committer: Kent Overstreet <kent.overstreet@linux.dev> 2023-08-14 12:26:40 -0400
commit: 7cf691124bc8efbcb669eefa059c82ca4906985d (patch)
tree: a0ef427de4c5d1dc78e117dd8b34a5a628f26158 /lib
parent: 0e55210c9a1a47a1b5a8289fb8a1cb4c67b829af (diff)
1 files changed, 14 insertions, 3 deletions
diff --git a/lib/generic-radix-tree.c b/lib/generic-radix-tree.c
index f25eb111c051..7dfa88282b00 100644
--- a/lib/generic-radix-tree.c
+++ b/lib/generic-radix-tree.c
@@ -166,6 +166,10 @@ void *__genradix_iter_peek(struct genradix_iter *iter,
 	struct genradix_root *r;
 	struct genradix_node *n;
 	unsigned level, i;
+
+	if (iter->offset == SIZE_MAX)
+		return NULL;
+
 restart:
 	r = READ_ONCE(radix->root);
 	if (!r)
@@ -184,10 +188,17 @@ restart:
 			(GENRADIX_ARY - 1);
 
 		while (!n->children[i]) {
+			size_t objs_per_ptr = genradix_depth_size(level);
+
+			if (iter->offset + objs_per_ptr < iter->offset) {
+				iter->offset	= SIZE_MAX;
+				iter->pos	= SIZE_MAX;
+				return NULL;
+			}
+
 			i++;
-			iter->offset = round_down(iter->offset +
-					   genradix_depth_size(level),
-					   genradix_depth_size(level));
+			iter->offset = round_down(iter->offset + objs_per_ptr,
+						  objs_per_ptr);
 			iter->pos = (iter->offset >> PAGE_SHIFT) *
 				objs_per_page;
 			if (i == GENRADIX_ARY)
author	Kent Overstreet <kent.overstreet@gmail.com>	2021-02-12 20:11:25 -0500
committer	Kent Overstreet <kent.overstreet@linux.dev>	2023-08-14 12:26:40 -0400
commit	7cf691124bc8efbcb669eefa059c82ca4906985d (patch)
tree	a0ef427de4c5d1dc78e117dd8b34a5a628f26158 /lib
parent	0e55210c9a1a47a1b5a8289fb8a1cb4c67b829af (diff)