From: Liam R. Howlett <Liam.Howlett@Oracle.com>
Date: Thu, 6 Dec 2018 21:42:40 +0000 (-0500)
Subject: maple_tree: Remove double free of full node.
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=8182e9da7d1c0b1357058e7a3da89a28e71eada4;p=users%2Fjedix%2Flinux-maple.git

maple_tree: Remove double free of full node.

Signed-off-by: Liam R. Howlett <Liam.Howlett@Oracle.com>
---

diff --git a/lib/maple_tree.c b/lib/maple_tree.c
index 446819f102db..2fc3811d57e8 100644
--- a/lib/maple_tree.c
+++ b/lib/maple_tree.c
@@ -475,15 +475,18 @@ void maple_link_node(struct maple_state *ms,
 		rmn64->parent = fmn64->parent;
 		/* Shift the data over */
 		maple_shift_64(target, ms->slot_idx);
+		/* Overwrite the duplicate slot data with the new right node */
 		target->slot[ms->slot_idx + 1] = ma_mk_node(rmn);
+		/* Overwrite the first pivot with the new value.  This is fine
+		 * as the current slot has valid entries for this pivot */
 		target->pivot[ms->slot_idx] = lmn64->pivot[3];
+		/* Set the first slot to the node with less pivots */
 		target->slot[ms->slot_idx] = ma_mk_node(lmn);
 	}
 
-	/* Orphan the full node */
+	/* Orphan & free the full node */
 	fmn64->parent = full_mn;
 	_maple_free_node(full_mn);
-	kfree(ma_get_alloc(ms));
 }
 /*
  * Private