lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 6 Jul 2015 21:30:40 +0800
From:	Herbert Xu <herbert@...dor.apana.org.au>
To:	Phil Sutter <phil@....cc>
Cc:	Thomas Graf <tgraf@...g.ch>, sparclinux@...r.kernel.org,
	linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
	davem@...emloft.net, daniel@...earbox.net, geert@...ux-m68k.org,
	mroos@...ux.ee
Subject: Re: [PATCH] rhashtable: fix for resize events during table walk

On Mon, Jul 06, 2015 at 02:01:42PM +0200, Phil Sutter wrote:
> If rhashtable_walk_next detects a resize operation in progress, it jumps
> to the new table and continues walking that one. But it misses to drop
> the reference to it's current item, leading it to continue traversing
> the new table's bucket in which the current item is sorted into, and
> after reaching that bucket's end continues traversing the new table's
> second bucket instead of the first one, thereby potentially missing
> items.
> 
> This fixes the rhashtable runtime test for me. Bug probably introduced
> by Herbert Xu's patch eddee5ba ("rhashtable: Fix walker behaviour during
> rehash") although not explicitly tested.
> 
> Fixes: eddee5ba ("rhashtable: Fix walker behaviour during rehash")
> Signed-off-by: Phil Sutter <phil@....cc>

Good catch!

> diff --git a/lib/rhashtable.c b/lib/rhashtable.c
> index a60a6d3..e36b94b 100644
> --- a/lib/rhashtable.c
> +++ b/lib/rhashtable.c
> @@ -585,6 +585,7 @@ void *rhashtable_walk_next(struct rhashtable_iter *iter)
>  	struct bucket_table *tbl = iter->walker->tbl;
>  	struct rhashtable *ht = iter->ht;
>  	struct rhash_head *p = iter->p;
> +	void *rc = NULL;
>  
>  	if (p) {
>  		p = rht_dereference_bucket_rcu(p->next, tbl, iter->slot);
> @@ -617,12 +618,12 @@ next:
>  	if (iter->walker->tbl) {
>  		iter->slot = 0;
>  		iter->skip = 0;
> -		return ERR_PTR(-EAGAIN);
> +		rc = ERR_PTR(-EAGAIN);
>  	}
>  
>  	iter->p = NULL;

I think a simpler fix would be to move "iter->p = NULL" before
the if statement.

Thanks,
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ