tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

[PATCH] Fix over-zealous tag clearing in radix_tree_delete

If a tag is set for a node being deleted from a radix_tree, then that
tag gets cleared from the parent of the node, even if it is set for some
siblings of the node begin deleted.

This patch changes the logic to include a test for any_tag_set similar
to the logic a little futher down. Care is taken to ensure that
'nr_cleared_tags' remains equals to the number of entries in the 'tags'
array which are set to '0' (which means that this tag is not set in the
tree below pathp->node, and should be cleared at pathp->node and
possibly above.

[ Nick says: "Linus FYI, I was able to modify the radix tree test
harness to catch the bug and can no longer trigger it after the fix.
Resulting code passes all other harness tests as well of course." ]

Signed-off-by: Neil Brown <neilb@suse.de>
Acked-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

authored by NeilBrown and committed by Linus Torvalds 90f9dd8f d89b8f40

+6 -4
unified split
+6 -4
lib/radix-tree.c
··· 752 */ 753 nr_cleared_tags = 0; 754 for (tag = 0; tag < RADIX_TREE_TAGS; tag++) { 755 if (tag_get(pathp->node, tag, pathp->offset)) { 756 tag_clear(pathp->node, tag, pathp->offset); 757 - tags[tag] = 0; 758 - nr_cleared_tags++; 759 - } else 760 - tags[tag] = 1; 761 } 762 763 for (pathp--; nr_cleared_tags && pathp->node; pathp--) {
··· 752 */ 753 nr_cleared_tags = 0; 754 for (tag = 0; tag < RADIX_TREE_TAGS; tag++) { 755 + tags[tag] = 1; 756 if (tag_get(pathp->node, tag, pathp->offset)) { 757 tag_clear(pathp->node, tag, pathp->offset); 758 + if (!any_tag_set(pathp->node, tag)) { 759 + tags[tag] = 0; 760 + nr_cleared_tags++; 761 + } 762 + } 763 } 764 765 for (pathp--; nr_cleared_tags && pathp->node; pathp--) {