From: Peng Zhang zhangpeng.00@bytedance.com
commit 0257d9908d38c0b1669af4bb1bc4dbca1f273fe6 upstream.
Make mas->min and mas->max point to a node range instead of a leaf entry range. This allows mas to still be usable after mas_empty_area() returns. Users would get unexpected results from other operations on the maple state after calling the affected function.
For example, x86 MAP_32BIT mmap() acts as if there is no suitable gap when there should be one.
Link: https://lkml.kernel.org/r/20230505145829.74574-1-zhangpeng.00@bytedance.com Fixes: 54a611b60590 ("Maple Tree: add new data structure") Signed-off-by: Peng Zhang zhangpeng.00@bytedance.com Reported-by: "Edgecombe, Rick P" rick.p.edgecombe@intel.com Reported-by: Tad support@spotco.us Reported-by: Michael Keyes mgkeyes@vigovproductions.net Link: https://lore.kernel.org/linux-mm/32f156ba80010fd97dbaf0a0cdfc84366608624d.ca... Link: https://lore.kernel.org/linux-mm/e6108286ac025c268964a7ead3aab9899f9bc6e9.ca... Reviewed-by: Liam R. Howlett Liam.Howlett@oracle.com Tested-by: Rick Edgecombe rick.p.edgecombe@intel.com Cc: stable@vger.kernel.org Signed-off-by: Andrew Morton akpm@linux-foundation.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- lib/maple_tree.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-)
--- a/lib/maple_tree.c +++ b/lib/maple_tree.c @@ -5340,15 +5340,9 @@ int mas_empty_area(struct ma_state *mas,
mt = mte_node_type(mas->node); pivots = ma_pivots(mas_mn(mas), mt); - if (offset) - mas->min = pivots[offset - 1] + 1; - - if (offset < mt_pivots[mt]) - mas->max = pivots[offset]; - - if (mas->index < mas->min) - mas->index = mas->min; - + min = mas_safe_min(mas, pivots, offset); + if (mas->index < min) + mas->index = min; mas->last = mas->index + size - 1; return 0; }