diff options
| author | Matthew Wilcox (Oracle) <willy@infradead.org> | 2023-07-27 05:58:17 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2023-09-13 10:43:00 +0300 |
| commit | 4a3e0d51c3e10ef699fc201542593f4bbcd39fd3 (patch) | |
| tree | 6e6b477884002dd919facaec4cc9de16c8c2c5e3 /lib | |
| parent | 7a7f11283392311741a5399672fd2657c7c6ff01 (diff) | |
| download | linux-4a3e0d51c3e10ef699fc201542593f4bbcd39fd3.tar.xz | |
XArray: Do not return sibling entries from xa_load()
commit cbc02854331edc6dc22d8b77b6e22e38ebc7dd51 upstream.
It is possible for xa_load() to observe a sibling entry pointing to
another sibling entry. An example:
Thread A: Thread B:
xa_store_range(xa, entry, 188, 191, gfp);
xa_load(xa, 191);
entry = xa_entry(xa, node, 63);
[entry is a sibling of 188]
xa_store_range(xa, entry, 184, 191, gfp);
if (xa_is_sibling(entry))
offset = xa_to_sibling(entry);
entry = xa_entry(xas->xa, node, offset);
[entry is now a sibling of 184]
It is sufficient to go around this loop until we hit a non-sibling entry.
Sibling entries always point earlier in the node, so we are guaranteed
to terminate this search.
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Fixes: 6b24ca4a1a8d ("mm: Use multi-index entries in the page cache")
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/xarray.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/xarray.c b/lib/xarray.c index ea9ce1f0b386..e9bd29826e8b 100644 --- a/lib/xarray.c +++ b/lib/xarray.c @@ -204,7 +204,7 @@ static void *xas_descend(struct xa_state *xas, struct xa_node *node) void *entry = xa_entry(xas->xa, node, offset); xas->xa_node = node; - if (xa_is_sibling(entry)) { + while (xa_is_sibling(entry)) { offset = xa_to_sibling(entry); entry = xa_entry(xas->xa, node, offset); if (node->shift && xa_is_node(entry)) |