From e33221cf36aab9e9b145543978ef64c429159d81 Mon Sep 17 00:00:00 2001
From: "Liam R. Howlett" <Liam.Howlett@oracle.com>
Date: Mon, 9 May 2022 22:37:55 -0400
Subject: [PATCH] maple_tree: Fix null expand into ULONG_MAX causing incorrect
 metadata

When expanding a null write to ULONG_MAX, it may cause the metadata
calculation to be off by one.  Fix this issue by detecting the offset
with write maple state end_piv instead of reading the node data.

Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
---
 lib/maple_tree.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/maple_tree.c b/lib/maple_tree.c
index 1bd8a4c2504e..aee76fb39bfa 100644
--- a/lib/maple_tree.c
+++ b/lib/maple_tree.c
@@ -3985,8 +3985,7 @@ static inline bool mas_wr_node_store(struct ma_wr_state *wr_mas)
 
 		new_end++;
 	} else {
-		if (mas_safe_pivot(mas, wr_mas->pivots, wr_mas->offset_end,
-				   wr_mas->type) == mas->last)
+		if (wr_mas->end_piv == mas->last)
 			wr_mas->offset_end++;
 
 		new_end -= wr_mas->offset_end - offset - 1;
@@ -4150,6 +4149,7 @@ static inline void mas_wr_extend_null(struct ma_wr_state *wr_mas)
 			mas->last = mas->max;
 		else
 			mas->last = wr_mas->pivots[wr_mas->offset_end];
+		wr_mas->end_piv = mas->last;
 	} else if ((mas->last > wr_mas->end_piv) &&
 		   !wr_mas->slots[wr_mas->offset_end]) {
 		mas->last = wr_mas->end_piv;
-- 
2.50.1