From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:59452 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933514AbbIZVRy (ORCPT ); Sat, 26 Sep 2015 17:17:54 -0400 From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Phil Sutter , Herbert Xu , "David S. Miller" Subject: [PATCH 4.1 115/159] rhashtable: fix for resize events during table walk Date: Sat, 26 Sep 2015 13:56:01 -0700 Message-Id: <20150926205320.420063319@linuxfoundation.org> In-Reply-To: <20150926205313.363686083@linuxfoundation.org> References: <20150926205313.363686083@linuxfoundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-15 Sender: stable-owner@vger.kernel.org List-ID: 4.1-stable review patch. If anyone has any objections, please let me know. ------------------ From: Phil Sutter [ Upstream commit 142b942a75cb10ede1b42bf85368d41449ab4e3b ] If rhashtable_walk_next detects a resize operation in progress, it jumps to the new table and continues walking that one. But it misses to drop the reference to it's current item, leading it to continue traversing the new table's bucket in which the current item is sorted into, and after reaching that bucket's end continues traversing the new table's second bucket instead of the first one, thereby potentially missing items. This fixes the rhashtable runtime test for me. Bug probably introduced by Herbert Xu's patch eddee5ba ("rhashtable: Fix walker behaviour during rehash") although not explicitly tested. Fixes: eddee5ba ("rhashtable: Fix walker behaviour during rehash") Signed-off-by: Phil Sutter Acked-by: Herbert Xu Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- lib/rhashtable.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/lib/rhashtable.c +++ b/lib/rhashtable.c @@ -612,6 +612,8 @@ next: iter->skip = 0; } + iter->p = NULL; + /* Ensure we see any new tables. */ smp_rmb(); @@ -622,8 +624,6 @@ next: return ERR_PTR(-EAGAIN); } - iter->p = NULL; - out: return obj;