| Message ID | 20201001233943.GW20115@casper.infradead.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | xarray-add-xas_split-fix-3.patch | expand |
diff --git a/lib/xarray.c b/lib/xarray.c index b573db455c43..eedb4b51c59f 100644 --- a/lib/xarray.c +++ b/lib/xarray.c @@ -271,8 +271,7 @@ static void xas_destroy(struct xa_state *xas) while (node) { XA_NODE_BUG_ON(node, !list_empty(&node->private_list)); next = rcu_dereference_raw(node->parent); - /* XXX: need to free children */ - kmem_cache_free(radix_tree_node_cachep, node); + radix_tree_node_rcu_free(&node->rcu_head); xas->xa_alloc = node = next; } }
Testing today revealed a rather annoying bug where we can free an initialised node back to the slab cache without zeroing it first. That ends up creating a corrupted XArray ... whichever XArray happens to allocate that node next. From c53d4d2690db946f5710a39e6a6f67c5a46ff9a4 Mon Sep 17 00:00:00 2001 From: "Matthew Wilcox (Oracle)" <willy@infradead.org> Date: Thu, 1 Oct 2020 18:22:35 -0400 Subject: [PATCH] fix xarray --- lib/xarray.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)