From: Matthew Wilcox Date: Sat, 21 May 2016 00:01:59 +0000 (-0700) Subject: radix-tree: fix sibling entry insertion X-Git-Tag: v4.7-rc1~89^2~54 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=3b8c00f68405e9c037a6d8ae0d5d9da7f8a34e6a;p=users%2Fhch%2Fdma-mapping.git radix-tree: fix sibling entry insertion The subtraction was the wrong way round, leading to undefined behaviour (shift by an amount larger than the size of the type). Signed-off-by: Matthew Wilcox Reviewed-by: Ross Zwisler Cc: Konstantin Khlebnikov Cc: Kirill Shutemov Cc: Jan Kara Cc: Neil Brown Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/lib/radix-tree.c b/lib/radix-tree.c index 585965afc808..c0366d1d2613 100644 --- a/lib/radix-tree.c +++ b/lib/radix-tree.c @@ -526,8 +526,8 @@ int __radix_tree_create(struct radix_tree_root *root, unsigned long index, #ifdef CONFIG_RADIX_TREE_MULTIORDER /* Insert pointers to the canonical entry */ - if ((shift - order) > 0) { - int i, n = 1 << (shift - order); + if (order > shift) { + int i, n = 1 << (order - shift); offset = offset & ~(n - 1); slot = ptr_to_indirect(&node->slots[offset]); for (i = 0; i < n; i++) {