Hi Robin,

> For various reasons based on the allocator behaviour and typical
> use-cases at the time, when the max32_alloc_size optimisation was
> introduced it seemed reasonable to couple the reset of the tracked
> size to the update of cached32_node upon freeing a relevant IOVA.
> However, since subsequent optimisations focused on helping genuine
> 32-bit devices make best use of even more limited address spaces, it
> is now a lot more likely for cached32_node to be anywhere in a "full"
> 32-bit address space, and as such more likely for space to become
> available from IOVAs below that node being freed.
>
> At this point, the short-cut in __cached_rbnode_delete_update() really
> doesn't hold up any more, and we need to fix the logic to reliably
> provide the expected behaviour. We still want cached32_node to only move
> upwards, but we should reset the allocation size if *any* 32-bit space
> has become available.
>
> Reported-by: Yunfei Wang <yf.wang@xxxxxxxxxxxx>
> Signed-off-by: Robin Murphy <robin.murphy@xxxxxxx>

Would you mind adding:

Cc: <stable@xxxxxxxxxxxxxxx>

to this patch? I checked and I think the patch can be applied to 5.4 and later.

thanks,
Miles