From: NeilBrown Date: Thu, 16 Feb 2006 03:43:01 +0000 (+1100) Subject: [PATCH] Fix over-zealous tag clearing in radix_tree_delete X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=90f9dd8f72773152b69042debd6b9ed6d224703a;p=GitHub%2FLineageOS%2Fandroid_kernel_samsung_universal7580.git [PATCH] Fix over-zealous tag clearing in radix_tree_delete If a tag is set for a node being deleted from a radix_tree, then that tag gets cleared from the parent of the node, even if it is set for some siblings of the node begin deleted. This patch changes the logic to include a test for any_tag_set similar to the logic a little futher down. Care is taken to ensure that 'nr_cleared_tags' remains equals to the number of entries in the 'tags' array which are set to '0' (which means that this tag is not set in the tree below pathp->node, and should be cleared at pathp->node and possibly above. [ Nick says: "Linus FYI, I was able to modify the radix tree test harness to catch the bug and can no longer trigger it after the fix. Resulting code passes all other harness tests as well of course." ] Signed-off-by: Neil Brown Acked-by: Nick Piggin Signed-off-by: Linus Torvalds --- diff --git a/lib/radix-tree.c b/lib/radix-tree.c index c0bd4a91480..1e5b17dc7e3 100644 --- a/lib/radix-tree.c +++ b/lib/radix-tree.c @@ -752,12 +752,14 @@ void *radix_tree_delete(struct radix_tree_root *root, unsigned long index) */ nr_cleared_tags = 0; for (tag = 0; tag < RADIX_TREE_TAGS; tag++) { + tags[tag] = 1; if (tag_get(pathp->node, tag, pathp->offset)) { tag_clear(pathp->node, tag, pathp->offset); - tags[tag] = 0; - nr_cleared_tags++; - } else - tags[tag] = 1; + if (!any_tag_set(pathp->node, tag)) { + tags[tag] = 0; + nr_cleared_tags++; + } + } } for (pathp--; nr_cleared_tags && pathp->node; pathp--) {