From: Lee Schermerhorn

radix_tree_replace_slot() was assigning to local variable 'slot' instead of to where pslot pointed. Changed to directly replace location pointed to by argument pslot.

Added comments specifying required locking. Note that we do not need to rcu_dereference() the slot to obtain the direct pointer flag, as we hold the tree write locked.

Fixes the migration corruption that we were seeing since the rcu-radix-tree patches went in.

With this patch, we can back out page-migration-replace-radix_tree_lookup_slot-with-radix_tree_lockup.patch to use the more efficient direct access to radix tree slot.

Signed-off-by: Lee Schermerhorn
Cc: Nick Piggin
Signed-off-by: Andrew Morton
--- include/linux/radix-tree.h | 5 ++++- 1 files changed, 4 insertions(+), 1 deletion(-) diff -puN include/linux/radix-tree.h~adix-tree-rcu-lockless-readside-fix-3 include/linux/radix-tree.h --- a/include/linux/radix-tree.h~adix-tree-rcu-lockless-readside-fix-3 +++ a/include/linux/radix-tree.h @@ -133,12 +133,15 @@ static inline void *radix_tree_deref_slo * radix_tree_replace_slot - replace item in a slot * @pslot: pointer to slot, returned by radix_tree_lookup_slot * @item: new item to store in the slot. + * + * For use with radix_tree_lookup_slot(). Caller must hold tree write locked + * across slot lookup and replacement. */ static inline void radix_tree_replace_slot(void *pslot, void *item) { void *slot = *(void **)pslot; BUG_ON(radix_tree_is_direct_ptr(item)); - rcu_assign_pointer(slot, + rcu_assign_pointer(*(void **)pslot, (void *)((unsigned long)item | ((unsigned long)slot & RADIX_TREE_DIRECT_PTR))); } _
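
Review bot: In radix_tree_replace_slot(), the local "void *slot = *(void **)pslot;" is now read only for its RADIX_TREE_DIRECT_PTR bit, yet its name still reads like the store target, which is the confusion this fix removes. Consider naming it for what it holds (the old slot value) and declaring the parameter as "void **pslot", so the two "*(void **)pslot" casts go away and a store to a local copy stands out in review. The added kernel-doc line states the write-lock requirement, but the reason the slot may be read without rcu_dereference() appears only in the commit message; a short comment next to the read would keep that reasoning with the code.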