* [PATCH] lib/assoc_array: fix stale nr_leaves_on_tree after gc
@ 2026-03-18 16:48 Josh Law
0 siblings, 0 replies; 7+ messages in thread
From: Josh Law @ 2026-03-18 16:48 UTC (permalink / raw)
To: Andrew Morton; +Cc: Josh Law, linux-kernel
In assoc_array_gc(), assoc_array_apply_edit() publishes the new tree
root before nr_leaves_on_tree is updated, creating a window where the
tree is visible with a stale leaf count. Move the nr_leaves_on_tree
assignment before assoc_array_apply_edit() so the count is consistent
when the new root becomes visible.
Signed-off-by: Josh Law <objecting@objecting.org>
---
lib/assoc_array.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/assoc_array.c b/lib/assoc_array.c
index bcc6e0a013eb..0752fd44e066 100644
--- a/lib/assoc_array.c
+++ b/lib/assoc_array.c
@@ -1711,8 +1711,8 @@ int assoc_array_gc(struct assoc_array *array,
gc_complete:
edit->set[0].to = new_root;
- assoc_array_apply_edit(edit);
array->nr_leaves_on_tree = nr_leaves_on_tree;
+ assoc_array_apply_edit(edit);
return 0;
enomem:
--
2.34.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH] lib/assoc_array: fix stale nr_leaves_on_tree after gc
@ 2026-03-18 16:49 Josh Law
2026-03-18 17:23 ` Andrew Morton
0 siblings, 1 reply; 7+ messages in thread
From: Josh Law @ 2026-03-18 16:49 UTC (permalink / raw)
To: Andrew Morton; +Cc: Josh Law, linux-kernel, hlcj1234567
In assoc_array_gc(), assoc_array_apply_edit() publishes the new tree
root before nr_leaves_on_tree is updated, creating a window where the
tree is visible with a stale leaf count. Move the nr_leaves_on_tree
assignment before assoc_array_apply_edit() so the count is consistent
when the new root becomes visible.
Signed-off-by: Josh Law <objecting@objecting.org>
---
lib/assoc_array.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/assoc_array.c b/lib/assoc_array.c
index bcc6e0a013eb..0752fd44e066 100644
--- a/lib/assoc_array.c
+++ b/lib/assoc_array.c
@@ -1711,8 +1711,8 @@ int assoc_array_gc(struct assoc_array *array,
gc_complete:
edit->set[0].to = new_root;
- assoc_array_apply_edit(edit);
array->nr_leaves_on_tree = nr_leaves_on_tree;
+ assoc_array_apply_edit(edit);
return 0;
enomem:
--
2.34.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] lib/assoc_array: fix stale nr_leaves_on_tree after gc
2026-03-18 16:49 [PATCH] lib/assoc_array: fix stale nr_leaves_on_tree after gc Josh Law
@ 2026-03-18 17:23 ` Andrew Morton
2026-03-18 17:29 ` Josh Law
2026-03-18 17:43 ` Josh Law
0 siblings, 2 replies; 7+ messages in thread
From: Andrew Morton @ 2026-03-18 17:23 UTC (permalink / raw)
To: Josh Law; +Cc: linux-kernel, hlcj1234567
On Wed, 18 Mar 2026 16:49:59 +0000 Josh Law <objecting@objecting.org> wrote:
> In assoc_array_gc(), assoc_array_apply_edit() publishes the new tree
> root before nr_leaves_on_tree is updated, creating a window where the
> tree is visible with a stale leaf count. Move the nr_leaves_on_tree
> assignment before assoc_array_apply_edit() so the count is consistent
> when the new root becomes visible.
>
> ...
>
> --- a/lib/assoc_array.c
> +++ b/lib/assoc_array.c
> @@ -1711,8 +1711,8 @@ int assoc_array_gc(struct assoc_array *array,
>
> gc_complete:
> edit->set[0].to = new_root;
> - assoc_array_apply_edit(edit);
> array->nr_leaves_on_tree = nr_leaves_on_tree;
> + assoc_array_apply_edit(edit);
> return 0;
But assoc_array_apply_edit() alters array->nr_leaves_on_tree and now we
immediately overwrite that alteration?
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] lib/assoc_array: fix stale nr_leaves_on_tree after gc
2026-03-18 17:23 ` Andrew Morton
@ 2026-03-18 17:29 ` Josh Law
2026-03-18 18:36 ` Andrew Morton
2026-03-18 17:43 ` Josh Law
1 sibling, 1 reply; 7+ messages in thread
From: Josh Law @ 2026-03-18 17:29 UTC (permalink / raw)
To: Andrew Morton; +Cc: linux-kernel, hlcj1234567
On 18 March 2026 17:23:19 GMT, Andrew Morton <akpm@linux-foundation.org> wrote:
>On Wed, 18 Mar 2026 16:49:59 +0000 Josh Law <objecting@objecting.org> wrote:
>
>> In assoc_array_gc(), assoc_array_apply_edit() publishes the new tree
>> root before nr_leaves_on_tree is updated, creating a window where the
>> tree is visible with a stale leaf count. Move the nr_leaves_on_tree
>> assignment before assoc_array_apply_edit() so the count is consistent
>> when the new root becomes visible.
>>
>> ...
>>
>> --- a/lib/assoc_array.c
>> +++ b/lib/assoc_array.c
>> @@ -1711,8 +1711,8 @@ int assoc_array_gc(struct assoc_array *array,
>>
>> gc_complete:
>> edit->set[0].to = new_root;
>> - assoc_array_apply_edit(edit);
>> array->nr_leaves_on_tree = nr_leaves_on_tree;
>> + assoc_array_apply_edit(edit);
>> return 0;
>
>But assoc_array_apply_edit() alters array->nr_leaves_on_tree and now we
>immediately overwrite that alteration?
Hi Andrew,
It probably doesn't overwrite it in this specific case.
In assoc_array_gc(), the edit script is zero-initialized, meaning edit->adjust_count_on is NULL. Because of this (and since array->root isn't NULL), assoc_array_apply_edit() safely skips the block that modifies nr_leaves_on_tree.
Since apply_edit() doesn't touch the count here, the explicit assignment right after is necessary to record the newly calculated post-GC count.
V/R
Josh Law
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] lib/assoc_array: fix stale nr_leaves_on_tree after gc
2026-03-18 17:23 ` Andrew Morton
2026-03-18 17:29 ` Josh Law
@ 2026-03-18 17:43 ` Josh Law
1 sibling, 0 replies; 7+ messages in thread
From: Josh Law @ 2026-03-18 17:43 UTC (permalink / raw)
To: Andrew Morton; +Cc: linux-kernel, hlcj1234567
On 18 March 2026 17:23:19 GMT, Andrew Morton <akpm@linux-foundation.org> wrote:
>On Wed, 18 Mar 2026 16:49:59 +0000 Josh Law <objecting@objecting.org> wrote:
>
>> In assoc_array_gc(), assoc_array_apply_edit() publishes the new tree
>> root before nr_leaves_on_tree is updated, creating a window where the
>> tree is visible with a stale leaf count. Move the nr_leaves_on_tree
>> assignment before assoc_array_apply_edit() so the count is consistent
>> when the new root becomes visible.
>>
>> ...
>>
>> --- a/lib/assoc_array.c
>> +++ b/lib/assoc_array.c
>> @@ -1711,8 +1711,8 @@ int assoc_array_gc(struct assoc_array *array,
>>
>> gc_complete:
>> edit->set[0].to = new_root;
>> - assoc_array_apply_edit(edit);
>> array->nr_leaves_on_tree = nr_leaves_on_tree;
>> + assoc_array_apply_edit(edit);
>> return 0;
>
>But assoc_array_apply_edit() alters array->nr_leaves_on_tree and now we
>immediately overwrite that alteration?
2/2
No, unless if the resulting tree is completely empty (edit->array->root == NULL). In that scenario, assoc_array_apply_edit() explicitly sets edit->array->nr_leaves_on_tree = 0, but since it's zero, it overwrites 0 with 0,
and In the assoc_array_gc() path, the edit struct is allocated with kzalloc(),
and edit->adjust_count_on is never set (it stays NULL). Because it's NULL,
assoc_array_apply_edit() actually skips the block that alters array->nr_leaves_on_tree
V/R
Josh Law
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] lib/assoc_array: fix stale nr_leaves_on_tree after gc
2026-03-18 17:29 ` Josh Law
@ 2026-03-18 18:36 ` Andrew Morton
2026-03-18 18:42 ` Josh Law
0 siblings, 1 reply; 7+ messages in thread
From: Andrew Morton @ 2026-03-18 18:36 UTC (permalink / raw)
To: Josh Law; +Cc: linux-kernel, hlcj1234567
On Wed, 18 Mar 2026 17:29:10 +0000 Josh Law <objecting@objecting.org> wrote:
> >
> >But assoc_array_apply_edit() alters array->nr_leaves_on_tree and now we
> >immediately overwrite that alteration?
>
>
> Hi Andrew,
>
> It probably doesn't overwrite it in this specific case.
>
>
> In assoc_array_gc(), the edit script is zero-initialized, meaning edit->adjust_count_on is NULL. Because of this (and since array->root isn't NULL), assoc_array_apply_edit() safely skips the block that modifies nr_leaves_on_tree.
wordwrapping, please.
> Since apply_edit() doesn't touch the count here, the explicit assignment right after is necessary to record the newly calculated post-GC count.
How about asking the author of this code?
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] lib/assoc_array: fix stale nr_leaves_on_tree after gc
2026-03-18 18:36 ` Andrew Morton
@ 2026-03-18 18:42 ` Josh Law
0 siblings, 0 replies; 7+ messages in thread
From: Josh Law @ 2026-03-18 18:42 UTC (permalink / raw)
To: Andrew Morton; +Cc: linux-kernel, hlcj1234567, dhowells
On 18 March 2026 18:36:52 GMT, Andrew Morton <akpm@linux-foundation.org> wrote:
>On Wed, 18 Mar 2026 17:29:10 +0000 Josh Law <objecting@objecting.org> wrote:
>
>> >
>> >But assoc_array_apply_edit() alters array->nr_leaves_on_tree and now we
>> >immediately overwrite that alteration?
>>
>>
>> Hi Andrew,
>>
>> It probably doesn't overwrite it in this specific case.
>>
>>
>> In assoc_array_gc(), the edit script is zero-initialized, meaning edit->adjust_count_on is NULL. Because of this (and since array->root isn't NULL), assoc_array_apply_edit() safely skips the block that modifies nr_leaves_on_tree.
>
>wordwrapping, please.
>
>> Since apply_edit() doesn't touch the count here, the explicit assignment right after is necessary to record the newly calculated post-GC count.
>
>How about asking the author of this code?
+ CC: dhowells@redhat.com (file author)
Sorry Andrew, my email client isn't the best (Thunderbird mobile), I'm away from my laptop right now for a little bit..
V/R
Josh Law
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2026-03-18 18:43 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-18 16:49 [PATCH] lib/assoc_array: fix stale nr_leaves_on_tree after gc Josh Law
2026-03-18 17:23 ` Andrew Morton
2026-03-18 17:29 ` Josh Law
2026-03-18 18:36 ` Andrew Morton
2026-03-18 18:42 ` Josh Law
2026-03-18 17:43 ` Josh Law
-- strict thread matches above, loose matches on Subject: below --
2026-03-18 16:48 Josh Law
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox