On Fri, Jul 06, 2018 at 08:21:01PM +0300, Dan Carpenter wrote:
> We need to unlock on this error path.
>
> Fixes: 29a6bfc32eb2 ("xarray: Track free entries in an XArray")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> ---
>
> There "UINT_MAX + 1" is an integer overflow and is equal to zero but I
> don't know what was intended there.
Ah. I didn't realise UINT_MAX was defined as ~0U. I had intended
UINT_MAX + 1UL. ie 0x10000000UL on 64-bit and 0 on 32-bit.
> diff --git a/lib/xarray.c b/lib/xarray.c
> index be10039caaed..a27fdb381f64 100644
> --- a/lib/xarray.c
> +++ b/lib/xarray.c
> @@ -1474,8 +1474,10 @@ int xa_alloc(struct xarray *xa, u32 *id, void *entry, gfp_t gfp)
> xas.xa_index = 0;
> xas_lock(&xas);
> xas_find_tagged(&xas, UINT_MAX, XA_FREE_TAG);
> - if (xas.xa_node == XAS_BOUNDS && xas.xa_index == UINT_MAX + 1)
> + if (xas.xa_node == XAS_BOUNDS && xas.xa_index == UINT_MAX + 1) {
> + xas_unlock(&xas);
> return -ENOSPC;
> + }
> *id = xas.xa_index;
> xas_store(&xas, entry);
> xas_clear_tag(&xas, XA_FREE_TAG);
