From: Matthew Wilcox <mawil...@microsoft.com> The newly introduced warning in radix_tree_free_nodes() was testing the wrong variable; it should have been 'old' instead of 'node'. Rather than replace that one instance, I noticed that we can simply put the WARN_ON_ONCE in radix_tree_node_free() and it will be just as effective.
Fixes: ea07b862ac8e ("mm: workingset: fix use-after-free in shadow node shrinker") Signed-off-by: Matthew Wilcox <mawil...@microsoft.com> --- lib/radix-tree.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lib/radix-tree.c b/lib/radix-tree.c index 4a4ed3ee4222..3c4577cabc57 100644 --- a/lib/radix-tree.c +++ b/lib/radix-tree.c @@ -449,6 +449,7 @@ static void radix_tree_node_rcu_free(struct rcu_head *head) static inline void radix_tree_node_free(struct radix_tree_node *node) { + WARN_ON_ONCE(!list_empty(&node->private_list)); call_rcu(&node->rcu_head, radix_tree_node_rcu_free); } @@ -734,7 +735,6 @@ static inline void radix_tree_shrink(struct radix_tree_root *root, update_node(node, private); } - WARN_ON_ONCE(!list_empty(&node->private_list)); radix_tree_node_free(node); } } @@ -766,7 +766,6 @@ static void delete_node(struct radix_tree_root *root, root->rnode = NULL; } - WARN_ON_ONCE(!list_empty(&node->private_list)); radix_tree_node_free(node); node = parent; @@ -868,7 +867,6 @@ static void radix_tree_free_nodes(struct radix_tree_node *node) struct radix_tree_node *old = child; offset = child->offset + 1; child = child->parent; - WARN_ON_ONCE(!list_empty(&node->private_list)); radix_tree_node_free(old); if (old == entry_to_node(node)) return; -- 2.11.0.296.g5800ad326.dirty