From: Kent Overstreet <kent.overstreet@linux.dev>
Date: Sun, 11 Aug 2024 01:04:35 +0000 (-0400)
Subject: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
X-Git-Tag: v6.6.51~80
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d942e855324a60107025c116245095632476613e;p=thirdparty%2Fkernel%2Fstable.git

lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()

[ Upstream commit b2f11c6f3e1fc60742673b8675c95b78447f3dae ]

If we need to increase the tree depth, allocate a new node, and then
race with another thread that increased the tree depth before us, we'll
still have a preallocated node that might be used later.

If we then use that node for a new non-root node, it'll still have a
pointer to the old root instead of being zeroed - fix this by zeroing it
in the cmpxchg failure path.

Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/lib/generic-radix-tree.c b/lib/generic-radix-tree.c
index 7dfa88282b006..78f081d695d0b 100644
--- a/lib/generic-radix-tree.c
+++ b/lib/generic-radix-tree.c
@@ -131,6 +131,8 @@ void *__genradix_ptr_alloc(struct __genradix *radix, size_t offset,
 		if ((v = cmpxchg_release(&radix->root, r, new_root)) == r) {
 			v = new_root;
 			new_node = NULL;
+		} else {
+			new_node->children[0] = NULL;
 		}
 	}