eec4852543
There are four cases I can see where we could end up with a NULL 'slot' in
radix_tree_next_slot(). This unit test exercises all four of them, making
sure that if in the future we have an unsafe path through
radix_tree_next_slot(), we'll catch it.
Here are details on the four cases:
1) radix_tree_iter_retry() via a non-tagged iteration like
radix_tree_for_each_slot(). In this case we currently aren't seeing a bug
because radix_tree_iter_retry() sets
iter->next_index = iter->index;
which means that in in the else case in radix_tree_next_slot(), 'count' is
zero, so we skip over the while() loop and effectively just return NULL
without ever dereferencing 'slot'.
2) radix_tree_iter_retry() via tagged iteration like
radix_tree_for_each_tagged(). This case was giving us NULL pointer
dereferences in testing, and was fixed with this commit:
commit
|
||
---|---|---|
.. | ||
arch | ||
build | ||
cgroup | ||
firewire | ||
gpio | ||
hv | ||
iio | ||
include | ||
kvm/kvm_stat | ||
laptop/freefall | ||
lguest | ||
lib | ||
net | ||
nfsd | ||
objtool | ||
perf | ||
power | ||
scripts | ||
spi | ||
testing | ||
thermal/tmon | ||
time | ||
usb | ||
virtio | ||
vm | ||
Makefile |