[4.2.y-ckt stable] Patch "rhashtable: Fix walker list corruption" has been added to staging queue

Wed Jan 6 10:44:40 UTC 2016

Hi Kamal,

I believe you also need commit
179ccc0a73641ffd24e44ff10a7bd494efe98d8d ("rhashtable: Kill harmless RCU
warning in rhashtable_walk_init") to go with that fix just because we
got a kernel build bot warning on commit , see
70588ecea38070fe1f92ce5aafe97545c3463f7ehttps://bugs.launchpad.net/ubuntu/+source/linux/+bug/1526811/comments/3/+download

I've queued these up for a SRU, namely bug LP#1526811, so I'm not sure
how we deal with these kind of stable fixes that have been SRU'd.

Colin

On 05/01/16 19:01, Kamal Mostafa wrote:
> This is a note to let you know that I have just added a patch titled
> 
>     rhashtable: Fix walker list corruption
> 
> to the linux-4.2.y-queue branch of the 4.2.y-ckt extended stable tree 
> which can be found at:
> 
>     http://kernel.ubuntu.com/git/ubuntu/linux.git/log/?h=linux-4.2.y-queue
> 
> This patch is scheduled to be released in version 4.2.8-ckt1.
> 
> If you, or anyone else, feels it should not be added to this tree, please 
> reply to this email.
> 
> For more information about the 4.2.y-ckt tree, see
> https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable
> 
> Thanks.
> -Kamal
> 
> ------
> 
> From 70588ecea38070fe1f92ce5aafe97545c3463f7e Mon Sep 17 00:00:00 2001
> From: Herbert Xu <herbert at gondor.apana.org.au>
> Date: Wed, 16 Dec 2015 16:45:54 +0800
> Subject: rhashtable: Fix walker list corruption
> 
> [ Upstream commit c6ff5268293ef98e48a99597e765ffc417e39fa5 ]
> 
> The commit ba7c95ea3870fe7b847466d39a049ab6f156aa2c ("rhashtable:
> Fix sleeping inside RCU critical section in walk_stop") introduced
> a new spinlock for the walker list.  However, it did not convert
> all existing users of the list over to the new spin lock.  Some
> continued to use the old mutext for this purpose.  This obviously
> led to corruption of the list.
> 
> The fix is to use the spin lock everywhere where we touch the list.
> 
> This also allows us to do rcu_rad_lock before we take the lock in
> rhashtable_walk_start.  With the old mutex this would've deadlocked
> but it's safe with the new spin lock.
> 
> Fixes: ba7c95ea3870 ("rhashtable: Fix sleeping inside RCU...")
> Reported-by: Colin Ian King <colin.king at canonical.com>
> Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
> Signed-off-by: David S. Miller <davem at davemloft.net>
> Signed-off-by: Kamal Mostafa <kamal at canonical.com>
> ---
>  lib/rhashtable.c | 19 +++++++++----------
>  1 file changed, 9 insertions(+), 10 deletions(-)
> 
> diff --git a/lib/rhashtable.c b/lib/rhashtable.c
> index 7d79983..c321134 100644
> --- a/lib/rhashtable.c
> +++ b/lib/rhashtable.c
> @@ -506,10 +506,11 @@ int rhashtable_walk_init(struct rhashtable *ht, struct rhashtable_iter *iter)
>  	if (!iter->walker)
>  		return -ENOMEM;
> 
> -	mutex_lock(&ht->mutex);
> -	iter->walker->tbl = rht_dereference(ht->tbl, ht);
> +	spin_lock(&ht->lock);
> +	iter->walker->tbl =
> +		rcu_dereference_protected(ht->tbl, lockdep_is_held(&ht->lock));
>  	list_add(&iter->walker->list, &iter->walker->tbl->walkers);
> -	mutex_unlock(&ht->mutex);
> +	spin_unlock(&ht->lock);
> 
>  	return 0;
>  }
> @@ -523,10 +524,10 @@ EXPORT_SYMBOL_GPL(rhashtable_walk_init);
>   */
>  void rhashtable_walk_exit(struct rhashtable_iter *iter)
>  {
> -	mutex_lock(&iter->ht->mutex);
> +	spin_lock(&iter->ht->lock);
>  	if (iter->walker->tbl)
>  		list_del(&iter->walker->list);
> -	mutex_unlock(&iter->ht->mutex);
> +	spin_unlock(&iter->ht->lock);
>  	kfree(iter->walker);
>  }
>  EXPORT_SYMBOL_GPL(rhashtable_walk_exit);
> @@ -550,14 +551,12 @@ int rhashtable_walk_start(struct rhashtable_iter *iter)
>  {
>  	struct rhashtable *ht = iter->ht;
> 
> -	mutex_lock(&ht->mutex);
> +	rcu_read_lock();
> 
> +	spin_lock(&ht->lock);
>  	if (iter->walker->tbl)
>  		list_del(&iter->walker->list);
> -
> -	rcu_read_lock();
> -
> -	mutex_unlock(&ht->mutex);
> +	spin_unlock(&ht->lock);
> 
>  	if (!iter->walker->tbl) {
>  		iter->walker->tbl = rht_dereference_rcu(ht->tbl, ht);
> --
> 1.9.1
> 