• Matthew Wilcox's avatar
    radix-tree: fix race in gang lookup · 164d23c2
    Matthew Wilcox authored
    [ Upstream commit 46437f9a ]
    
    If the indirect_ptr bit is set on a slot, that indicates we need to redo
    the lookup.  Introduce a new function radix_tree_iter_retry() which
    forces the loop to retry the lookup by setting 'slot' to NULL and
    turning the iterator back to point at the problematic entry.
    
    This is a pretty rare problem to hit at the moment; the lookup has to
    race with a grow of the radix tree from a height of 0.  The consequences
    of hitting this race are that gang lookup could return a pointer to a
    radix_tree_node instead of a pointer to whatever the user had inserted
    in the tree.
    
    Fixes: cebbd29e ("radix-tree: rewrite gang lookup using iterator")
    Signed-off-by: default avatarMatthew Wilcox <willy@linux.intel.com>
    Cc: Hugh Dickins <hughd@google.com>
    Cc: Ohad Ben-Cohen <ohad@wizery.com>
    Cc: Konstantin Khlebnikov <khlebnikov@openvz.org>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
    164d23c2
radix-tree.c 39.5 KB