On Fri, Jul 06, 2018 at 08:21:01PM +0300, Dan Carpenter wrote: > We need to unlock on this error path. > > Fixes: 29a6bfc32eb2 ("xarray: Track free entries in an XArray") > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > --- > > There "UINT_MAX + 1" is an integer overflow and is equal to zero but I > don't know what was intended there. Ah. I didn't realise UINT_MAX was defined as ~0U. I had intended UINT_MAX + 1UL. ie 0x10000000UL on 64-bit and 0 on 32-bit. > diff --git a/lib/xarray.c b/lib/xarray.c > index be10039caaed..a27fdb381f64 100644 > --- a/lib/xarray.c > +++ b/lib/xarray.c > @@ -1474,8 +1474,10 @@ int xa_alloc(struct xarray *xa, u32 *id, void *entry, gfp_t gfp) > xas.xa_index = 0; > xas_lock(&xas); > xas_find_tagged(&xas, UINT_MAX, XA_FREE_TAG); > - if (xas.xa_node == XAS_BOUNDS && xas.xa_index == UINT_MAX + 1) > + if (xas.xa_node == XAS_BOUNDS && xas.xa_index == UINT_MAX + 1) { > + xas_unlock(&xas); > return -ENOSPC; > + } > *id = xas.xa_index; > xas_store(&xas, entry); > xas_clear_tag(&xas, XA_FREE_TAG); -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html