Commit 90f9dd8f authored by NeilBrown, committed by Linus Torvalds

[PATCH] Fix over-zealous tag clearing in radix_tree_delete

If a tag is set for a node being deleted from a radix_tree, then that
tag gets cleared from the parent of the node, even if it is set for some
siblings of the node being deleted.

This patch changes the logic to include a test for any_tag_set similar
to the logic a little further down.  Care is taken to ensure that
'nr_cleared_tags' remains equal to the number of entries in the 'tags'
array which are set to '0' (which means that this tag is not set in the
tree below pathp->node, and should be cleared at pathp->node and
possibly above).

[ Nick says: "Linus FYI, I was able to modify the radix tree test
  harness to catch the bug and can no longer trigger it after the fix.
  Resulting code passes all other harness tests as well of course." ]
Signed-off-by: Neil Brown <>
Acked-by: Nick Piggin <>
Signed-off-by: Linus Torvalds <>
parent d89b8f40
......@@ -752,12 +752,14 @@ void *radix_tree_delete(struct radix_tree_root *root, unsigned long index)
nr_cleared_tags = 0;
for (tag = 0; tag < RADIX_TREE_TAGS; tag++) {
tags[tag] = 1;
if (tag_get(pathp->node, tag, pathp->offset)) {
tag_clear(pathp->node, tag, pathp->offset);
tags[tag] = 0;
} else
tags[tag] = 1;
if (!any_tag_set(pathp->node, tag)) {
tags[tag] = 0;
for (pathp--; nr_cleared_tags && pathp->node; pathp--) {
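Review bot: The invariant that the walk-up loop 'for (pathp--; nr_cleared_tags && pathp->node; pathp--)' at the end of this hunk depends on is documented only in the commit message, not in the code. A short comment above 'tags[tag] = 1;' at the top of the tag loop should state that nr_cleared_tags must equal the number of tags[] entries set to 0, and that tags[tag] == 0 means the tag is no longer set anywhere below pathp->node and still has to be cleared in the ancestors. The 0-means-clear convention is easy to misread, and the any_tag_set() test is what now keeps a sibling's tag from being dropped, so a later edit that sets tags[tag] = 0 without that test would bring the over-clearing back unnoticed. The commit message also mentions a modified test harness that catches the bug; it would be worth referencing or including that test alongside this change.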