2015-07-06 12:10:28

by Phil Sutter

Subject: [PATCH] rhashtable: fix for resize events during table walk

If rhashtable_walk_next detects a resize operation in progress, it jumps
to the new table and continues walking that one. But it fails to drop
the reference to its current item, leading it to continue traversing
the new table's bucket in which the current item is sorted into, and
after reaching that bucket's end continues traversing the new table's
second bucket instead of the first one, thereby potentially missing
items.

This fixes the rhashtable runtime test for me. Bug probably introduced
by Herbert Xu's patch eddee5ba ("rhashtable: Fix walker behaviour during
rehash") although not explicitly tested.

Fixes: eddee5ba ("rhashtable: Fix walker behaviour during rehash")
Signed-off-by: Phil Sutter <[email protected]>
---
lib/rhashtable.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/rhashtable.c b/lib/rhashtable.c
index a60a6d3..e36b94b 100644
--- a/lib/rhashtable.c
+++ b/lib/rhashtable.c
@@ -585,6 +585,7 @@ void *rhashtable_walk_next(struct rhashtable_iter *iter)
struct bucket_table *tbl = iter->walker->tbl;
struct rhashtable *ht = iter->ht;
struct rhash_head *p = iter->p;
+ void *rc = NULL;

if (p) {
p = rht_dereference_bucket_rcu(p->next, tbl, iter->slot);
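Review bot: the new local `rc` declared at the top of rhashtable_walk_next() exists only so that the -EAGAIN path can fall through to `iter->p = NULL`. Assigning `iter->p = NULL` ahead of the `if (iter->walker->tbl)` check would leave both original `return` statements untouched and make this declaration unnecessary.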
@@ -617,12 +618,12 @@ next:
if (iter->walker->tbl) {
iter->slot = 0;
iter->skip = 0;
- return ERR_PTR(-EAGAIN);
+ rc = ERR_PTR(-EAGAIN);
}

iter->p = NULL;

- return NULL;
+ return rc;
}
EXPORT_SYMBOL_GPL(rhashtable_walk_next);
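Review bot: in the `if (iter->walker->tbl)` branch, `iter->slot` and `iter->skip` are reset inside the branch while the third piece of walker state, `iter->p`, is reset only by falling through to the line below it, and nothing in the code says why that matters. A short comment at the reset stating that a stale `iter->p` makes the next call resume inside the new table's bucket chain would protect the fix against a later cleanup that restores the early return.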

--
2.1.2
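The missed-items effect described in the commit message, reproduced in a small user-space C model (an added example, not code from the patch or the kernel). The structures, `walk_next()`, `clear_p` and `AGAIN` are hypothetical stand-ins; the skip counter, RCU and locking are left out, and the resize is modelled as one relink step after the walker has reached the end of the old table.

```c
#include <stdio.h>
/* Simplified user-space model; every name here is constructed, not kernel code. */
struct node  { int key; struct node *next; };
struct table { unsigned size; struct node *bucket[4]; struct table *future; };
struct iter  { struct table *tbl; struct node *p; unsigned slot; };
#define AGAIN ((struct node *)-1)	/* stands in for ERR_PTR(-EAGAIN) */
static void insert(struct table *t, struct node *n)
{
	n->next = t->bucket[n->key % t->size];
	t->bucket[n->key % t->size] = n;
}

/* Resume after it->p if set, else at bucket it->slot; clear_p != 0 is the fix. */
static struct node *walk_next(struct iter *it, int clear_p)
{
	struct node *p = it->p ? it->p->next : it->tbl->bucket[it->slot];
	while (!p && ++it->slot < it->tbl->size)
		p = it->tbl->bucket[it->slot];
	if (p)
		return it->p = p;
	it->tbl = it->tbl->future;	/* end of table: follow a pending resize */
	if (clear_p || !it->tbl)
		it->p = NULL;		/* without this, it->p stays on the old item */
	it->slot = 0;
	return it->tbl ? AGAIN : NULL;
}

/* Drain the old table, relink all 8 items, count items seen in the new table. */
static int seen_after_resize(int clear_p)
{
	struct node n[8] = { {0}, {1}, {2}, {3}, {4}, {5}, {6}, {7} }, *r;
	struct table nt = { .size = 4 }, ot = { .size = 2, .future = &nt };
	struct iter it = { .tbl = &ot };
	int i, seen = 0;
	for (i = 0; i < 8; i++)
		insert(&ot, &n[i]);
	while (walk_next(&it, clear_p) != AGAIN)
		;			/* last call notices the pending resize */
	for (i = 0; i < 8; i++)
		insert(&nt, &n[i]);	/* the resize relinks every item */
	while ((r = walk_next(&it, clear_p)) != NULL)
		seen += (r != AGAIN);
	return seen;
}

int main(void)
{
	return printf("stale p: %d/8, cleared p: %d/8\n", seen_after_resize(0), seen_after_resize(1)) < 0;
}
```

With the stale item kept, the walk of the new table resumes behind that item and then moves on to slot 1, so the two items in slot 0 are never returned.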


2015-07-06 13:31:01

by Herbert Xu

Subject: Re: [PATCH] rhashtable: fix for resize events during table walk

On Mon, Jul 06, 2015 at 02:01:42PM +0200, Phil Sutter wrote:
> If rhashtable_walk_next detects a resize operation in progress, it jumps
> to the new table and continues walking that one. But it fails to drop
> the reference to its current item, leading it to continue traversing
> the new table's bucket in which the current item is sorted into, and
> after reaching that bucket's end continues traversing the new table's
> second bucket instead of the first one, thereby potentially missing
> items.
>
> This fixes the rhashtable runtime test for me. Bug probably introduced
> by Herbert Xu's patch eddee5ba ("rhashtable: Fix walker behaviour during
> rehash") although not explicitly tested.
>
> Fixes: eddee5ba ("rhashtable: Fix walker behaviour during rehash")
> Signed-off-by: Phil Sutter <[email protected]>

Good catch!

> diff --git a/lib/rhashtable.c b/lib/rhashtable.c
> index a60a6d3..e36b94b 100644
> --- a/lib/rhashtable.c
> +++ b/lib/rhashtable.c
> @@ -585,6 +585,7 @@ void *rhashtable_walk_next(struct rhashtable_iter *iter)
> struct bucket_table *tbl = iter->walker->tbl;
> struct rhashtable *ht = iter->ht;
> struct rhash_head *p = iter->p;
> + void *rc = NULL;
>
> if (p) {
> p = rht_dereference_bucket_rcu(p->next, tbl, iter->slot);
> @@ -617,12 +618,12 @@ next:
> if (iter->walker->tbl) {
> iter->slot = 0;
> iter->skip = 0;
> - return ERR_PTR(-EAGAIN);
> + rc = ERR_PTR(-EAGAIN);
> }
>
> iter->p = NULL;

I think a simpler fix would be to move "iter->p = NULL" before
the if statement.

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2015-07-06 13:52:35

by Phil Sutter

Subject: Re: [PATCH] rhashtable: fix for resize events during table walk

On Mon, Jul 06, 2015 at 09:30:40PM +0800, Herbert Xu wrote:
> On Mon, Jul 06, 2015 at 02:01:42PM +0200, Phil Sutter wrote:
> > diff --git a/lib/rhashtable.c b/lib/rhashtable.c
> > index a60a6d3..e36b94b 100644
> > --- a/lib/rhashtable.c
> > +++ b/lib/rhashtable.c
> > @@ -585,6 +585,7 @@ void *rhashtable_walk_next(struct rhashtable_iter *iter)
> > struct bucket_table *tbl = iter->walker->tbl;
> > struct rhashtable *ht = iter->ht;
> > struct rhash_head *p = iter->p;
> > + void *rc = NULL;
> >
> > if (p) {
> > p = rht_dereference_bucket_rcu(p->next, tbl, iter->slot);
> > @@ -617,12 +618,12 @@ next:
> > if (iter->walker->tbl) {
> > iter->slot = 0;
> > iter->skip = 0;
> > - return ERR_PTR(-EAGAIN);
> > + rc = ERR_PTR(-EAGAIN);
> > }
> >
> > iter->p = NULL;
>
> I think a simpler fix would be to move "iter->p = NULL" before
> the if statement.

Done. Thanks for the review!

Cheers, Phil