* xarray-add-xas_split-fix-3.patch
@ 2020-10-01 23:39 Matthew Wilcox
0 siblings, 0 replies; only message in thread
From: Matthew Wilcox @ 2020-10-01 23:39 UTC (permalink / raw)
To: Andrew Morton; +Cc: linux-mm
Testing today revealed a rather annoying bug where we can free an
initialised node back to the slab cache without zeroing it first.
That ends up creating a corrupted XArray ... whichever XArray
happens to allocate that node next.
From c53d4d2690db946f5710a39e6a6f67c5a46ff9a4 Mon Sep 17 00:00:00 2001
From: "Matthew Wilcox (Oracle)" <willy@infradead.org>
Date: Thu, 1 Oct 2020 18:22:35 -0400
Subject: [PATCH] fix xarray
---
lib/xarray.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/xarray.c b/lib/xarray.c
index b573db455c43..eedb4b51c59f 100644
--- a/lib/xarray.c
+++ b/lib/xarray.c
@@ -271,8 +271,7 @@ static void xas_destroy(struct xa_state *xas)
while (node) {
XA_NODE_BUG_ON(node, !list_empty(&node->private_list));
next = rcu_dereference_raw(node->parent);
- /* XXX: need to free children */
- kmem_cache_free(radix_tree_node_cachep, node);
+ radix_tree_node_rcu_free(&node->rcu_head);
xas->xa_alloc = node = next;
}
}
--
2.28.0
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2020-10-01 23:39 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-01 23:39 xarray-add-xas_split-fix-3.patch Matthew Wilcox
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).