From: Liam R. Howlett <Liam.Howlett@Oracle.com>
Date: Fri, 8 Mar 2019 18:53:10 +0000 (-0500)
Subject: maple_tree: Fix double free error.
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=8a2617a3ba7b21cbe0fc9959cd55ec54f7fb47b2;p=users%2Fjedix%2Flinux-maple.git

maple_tree: Fix double free error.

There was a double free which raced with the rcu free so it was not
detected all the time.

Signed-off-by: Liam R. Howlett <Liam.Howlett@Oracle.com>
---

diff --git a/lib/maple_tree.c b/lib/maple_tree.c
index 7a3970ea8cad..cd3b099b5058 100644
--- a/lib/maple_tree.c
+++ b/lib/maple_tree.c
@@ -1028,7 +1028,8 @@ static inline int ma_split(struct ma_state *mas, unsigned char slot)
 	}
 
 	// Free the full node.
-	mt_free(mt_to_node(full));
+	if (old_parent != full)
+		mt_free(mt_to_node(full));
 	return split;
 }