[4.2.y-ckt stable] Patch "rhashtable: Fix walker list corruption" has been added to staging queue

Kamal Mostafa kamal at canonical.com
Wed Jan 6 19:22:12 UTC 2016 

On Wed, 2016-01-06 at 10:44 +0000, Colin Ian King wrote:
> Hi Kamal,
> 
> I believe you also need commit
> 179ccc0a73641ffd24e44ff10a7bd494efe98d8d ("rhashtable: Kill harmless RCU
> warning in rhashtable_walk_init") to go with that fix

Hi Colin-

Thanks for reviewing this -- but it turns out that 4.2-stable backport
of this commit[0] actually already has that "Kill harmless RCU" change
folded in.

 -Kamal

[0] "[PATCH 34/34] rhashtable: Fix walker list corruption" from David
Miller's 2015-12-22 [PATCHES] Networking (net_43.mbox) patch set.


>  just because we
> got a kernel build bot warning on commit , see
> 70588ecea38070fe1f92ce5aafe97545c3463f7ehttps://bugs.launchpad.net/ubuntu/+source/linux/+bug/1526811/comments/3/+download
> 
> I've queued these up for a SRU, namely bug LP#1526811, so I'm not sure
> how we deal with these kind of stable fixes that have been SRU'd.
> 
> Colin
> 
> On 05/01/16 19:01, Kamal Mostafa wrote:
> > This is a note to let you know that I have just added a patch titled
> > 
> >     rhashtable: Fix walker list corruption
> > 
> > to the linux-4.2.y-queue branch of the 4.2.y-ckt extended stable tree 
> > which can be found at:
> > 
> >     http://kernel.ubuntu.com/git/ubuntu/linux.git/log/?h=linux-4.2.y-queue
> > 
> > This patch is scheduled to be released in version 4.2.8-ckt1.
> > 
> > If you, or anyone else, feels it should not be added to this tree, please 
> > reply to this email.
> > 
> > For more information about the 4.2.y-ckt tree, see
> > https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable
> > 
> > Thanks.
> > -Kamal
> > 
> > ------
> > 
> > From 70588ecea38070fe1f92ce5aafe97545c3463f7e Mon Sep 17 00:00:00 2001
> > From: Herbert Xu <herbert at gondor.apana.org.au>
> > Date: Wed, 16 Dec 2015 16:45:54 +0800
> > Subject: rhashtable: Fix walker list corruption
> > 
> > [ Upstream commit c6ff5268293ef98e48a99597e765ffc417e39fa5 ]
> > 
> > The commit ba7c95ea3870fe7b847466d39a049ab6f156aa2c ("rhashtable:
> > Fix sleeping inside RCU critical section in walk_stop") introduced
> > a new spinlock for the walker list.  However, it did not convert
> > all existing users of the list over to the new spin lock.  Some
> > continued to use the old mutext for this purpose.  This obviously
> > led to corruption of the list.
> > 
> > The fix is to use the spin lock everywhere where we touch the list.
> > 
> > This also allows us to do rcu_rad_lock before we take the lock in
> > rhashtable_walk_start.  With the old mutex this would've deadlocked
> > but it's safe with the new spin lock.
> > 
> > Fixes: ba7c95ea3870 ("rhashtable: Fix sleeping inside RCU...")
> > Reported-by: Colin Ian King <colin.king at canonical.com>
> > Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
> > Signed-off-by: David S. Miller <davem at davemloft.net>
> > Signed-off-by: Kamal Mostafa <kamal at canonical.com>
> > ---
> >  lib/rhashtable.c | 19 +++++++++----------
> >  1 file changed, 9 insertions(+), 10 deletions(-)
> > 
> > diff --git a/lib/rhashtable.c b/lib/rhashtable.c
> > index 7d79983..c321134 100644
> > --- a/lib/rhashtable.c
> > +++ b/lib/rhashtable.c
> > @@ -506,10 +506,11 @@ int rhashtable_walk_init(struct rhashtable *ht, struct rhashtable_iter *iter)
> >  	if (!iter->walker)
> >  		return -ENOMEM;
> > 
> > -	mutex_lock(&ht->mutex);
> > -	iter->walker->tbl = rht_dereference(ht->tbl, ht);
> > +	spin_lock(&ht->lock);
> > +	iter->walker->tbl =
> > +		rcu_dereference_protected(ht->tbl, lockdep_is_held(&ht->lock));
> >  	list_add(&iter->walker->list, &iter->walker->tbl->walkers);
> > -	mutex_unlock(&ht->mutex);
> > +	spin_unlock(&ht->lock);
> > 
> >  	return 0;
> >  }
> > @@ -523,10 +524,10 @@ EXPORT_SYMBOL_GPL(rhashtable_walk_init);
> >   */
> >  void rhashtable_walk_exit(struct rhashtable_iter *iter)
> >  {
> > -	mutex_lock(&iter->ht->mutex);
> > +	spin_lock(&iter->ht->lock);
> >  	if (iter->walker->tbl)
> >  		list_del(&iter->walker->list);
> > -	mutex_unlock(&iter->ht->mutex);
> > +	spin_unlock(&iter->ht->lock);
> >  	kfree(iter->walker);
> >  }
> >  EXPORT_SYMBOL_GPL(rhashtable_walk_exit);
> > @@ -550,14 +551,12 @@ int rhashtable_walk_start(struct rhashtable_iter *iter)
> >  {
> >  	struct rhashtable *ht = iter->ht;
> > 
> > -	mutex_lock(&ht->mutex);
> > +	rcu_read_lock();
> > 
> > +	spin_lock(&ht->lock);
> >  	if (iter->walker->tbl)
> >  		list_del(&iter->walker->list);
> > -
> > -	rcu_read_lock();
> > -
> > -	mutex_unlock(&ht->mutex);
> > +	spin_unlock(&ht->lock);
> > 
> >  	if (!iter->walker->tbl) {
> >  		iter->walker->tbl = rht_dereference_rcu(ht->tbl, ht);
> > --
> > 1.9.1
> > 
>

More information about the kernel-team mailing list