idr_get_next_ul() is problematic by design, it can't handle the following overflow case well on 32-bit CPU:
u32 id = UINT_MAX; idr_alloc_u32(&id); while (idr_get_next_ul(&id) != NULL) id++; when 'id' overflows and becomes 0 after UINT_MAX, the loop goes infinite. Fix this by eliminating external users of idr_get_next_ul() and migrating them to idr_for_each_entry_continue_ul(). And add an additional parameter for these iteration macros to detect overflow properly. Please merge this through networking tree, as all the users are in networking subsystem. Cong Wang (2): idr: fix overflow case for idr_for_each_entry_ul() idr: introduce idr_for_each_entry_continue_ul() Davide Caratti (1): selftests: add a test case for cls_lower handle overflow --- .../ethernet/mellanox/mlx5/core/fs_counters.c | 10 ++++--- include/linux/idr.h | 21 +++++++++++++-- net/sched/act_api.c | 9 ++++--- net/sched/cls_flower.c | 27 +++++-------------- .../tc-testing/tc-tests/filters/tests.json | 19 +++++++++++++ 5 files changed, 57 insertions(+), 29 deletions(-) -- 2.21.0
