From c88414f56c37f4afa730b81291502b2484f43550 Mon Sep 17 00:00:00 2001
From: "Matthew Wilcox (Oracle)"
Date: Mon, 23 Sep 2024 14:33:40 -0400
Subject: [PATCH] XArray: Prevent node leaks in xas_alloc()
In the following situation, we can leak nodes: do { xas_split_alloc(); xas_lock(); /* Discover that xas_split() does not need to be called */ xas_store(); xas_unlock(); } while (xas_nomem()); The xas_store() is expecting to be using a node allocated by xas_alloc(), but will use a node allocated by xas_split_alloc() instead. That will cause us to leak the remaining nodes which are chained through node->parent. Fix this by only popping the top node off the xa_alloc list instead of removing all the nodes.
Signed-off-by: Matthew Wilcox (Oracle)
---
lib/xarray.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/xarray.c b/lib/xarray.c
index 32d4bac8c94c..2da34b84ac46 100644
--- a/lib/xarray.c
+++ b/lib/xarray.c
@@ -366,7 +366,7 @@ static void *xas_alloc(struct xa_state *xas, unsigned int shift)
 return NULL;
 if (node) {
- xas->xa_alloc = NULL;
+ xas->xa_alloc = rcu_dereference_raw(node->parent);
 } else {
 gfp_t gfp = GFP_NOWAIT | __GFP_NOWARN;
-- 
2.49.0
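Review bot: After the new assignment the popped node still carries its stale `parent` link to the next preallocated node, so the pop is only safe if xas_alloc() overwrites `node->parent` before the node is published into the tree; that reinitialisation, if present, lies past the end of the hunk and the dependency deserves a comment at the assignment. Something like `/* Pop the head of the preallocated chain; the remaining nodes stay linked through ->parent for later xas_alloc() calls or xas_destroy(). */` would make the list discipline explicit, since xa_alloc was previously treated as a single node and is now a chain. The enclosing xas_alloc() both starts and ends outside the hunk, so the `else` allocation path that follows and the node initialisation after it are not visible here.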