On Tue, Jul 16 2013, Jan Kara wrote:
> With users of radix_tree_preload() run from interrupt (CFQ is one such
> possible user), the following race can happen:
>
> radix_tree_preload()
> ...
> radix_tree_insert()
>   radix_tree_node_alloc()
>     if (rtp->nr) {
>       ret = rtp->nodes[rtp->nr - 1];
> <interrupt>
> ...
> radix_tree_preload()
> ...
> radix_tree_insert()
>   radix_tree_node_alloc()
>     if (rtp->nr) {
>       ret = rtp->nodes[rtp->nr - 1];
>
> And we give out one radix tree node twice. That clearly results in radix
> tree corruption with different results (usually OOPS) depending on which
> two users of radix tree race.
>
> Fix the problem by disabling interrupts when working with rtp variable.
> In-interrupt user can still deplete our preloaded nodes but at least we
> won't corrupt radix trees.

Looks good to me, great catch Jan.

--
Jens Axboe
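The race in the quoted trace, as an added user-space model that is not part of the original thread and is not kernel code: an interrupt-context allocation lands between the read of `rtp->nodes[rtp->nr - 1]` and the pool update. The `irqs_off`/`irq_pending` flags, `raise_irq()`, `run_race()` and the clear-and-decrement step after the read are assumptions made for the simulation.

```c
#include <stdio.h>

/* Constructed stand-in for the per-CPU preload pool (rtp) in the trace. */
struct preload { int nr; int *nodes[4]; };
static struct preload rtp;
static int storage[4];
static int irqs_off, irq_pending;   /* model of masked/deferred interrupts */
static int *irq_got;                /* node handed to the in-interrupt user */

static int *node_alloc(int fixed, int in_irq);

/* Simulated interrupt whose handler also takes a preloaded node. */
static void raise_irq(void)
{
    if (irqs_off) { irq_pending = 1; return; }  /* deferred until unmask */
    irq_got = node_alloc(0, 1);
}

static int *node_alloc(int fixed, int in_irq)
{
    int *ret = NULL;
    if (fixed) irqs_off = 1;              /* the fix: mask around rtp use */
    if (rtp.nr) {
        ret = rtp.nodes[rtp.nr - 1];
        if (!in_irq) raise_irq();         /* interrupt hits the race window */
        rtp.nodes[rtp.nr - 1] = NULL;     /* assumed pool update after read */
        rtp.nr--;
    }
    if (fixed) {                          /* unmask, then deliver pending irq */
        irqs_off = 0;
        if (irq_pending) { irq_pending = 0; raise_irq(); }
    }
    return ret;
}

/* Returns 1 if process and interrupt context were given the same node. */
static int run_race(int fixed)
{
    rtp.nr = 2;                           /* state after a preload */
    rtp.nodes[0] = &storage[0]; rtp.nodes[1] = &storage[1];
    irqs_off = irq_pending = 0; irq_got = NULL;
    int *mine = node_alloc(fixed, 0);
    return mine != NULL && mine == irq_got;
}

int main(void)
{
    printf("unprotected:   same node twice = %d\n", run_race(0));
    printf("irqs disabled: same node twice = %d\n", run_race(1));
    return 0;
}
```

In the protected run the interrupt still consumes the last preloaded node, which matches the remark that an in-interrupt user can deplete the pool without corrupting it.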