Commit 7def0f95 authored Sep 22, 2015 by Dmitriy Vyukov Committed by David S. Miller Sep 22, 2015

lib: fix data race in rhashtable_rehash_one



rhashtable_rehash_one() uses complex logic to update entry->next field,
after INIT_RHT_NULLS_HEAD and NULLS_MARKER expansion:

entry->next = 1 | ((base + off) << 1)

This can be compiled along the lines of:

entry->next = base + off
entry->next <<= 1
entry->next |= 1

Which will break concurrent readers.

NULLS value recomputation is not needed here, so just remove
the complex logic.

The data race was found with KernelThreadSanitizer (KTSAN).

Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 23eedbc2

lib/rhashtable.c

+1 −4

Original line number	Diff line number	Diff line
		@@ -187,9 +187,6 @@ static int rhashtable_rehash_one(struct rhashtable *ht, unsigned int old_hash)
		head = rht_dereference_bucket(new_tbl->buckets[new_hash],
		new_tbl, new_hash);

		if (rht_is_a_nulls(head))
		INIT_RHT_NULLS_HEAD(entry->next, ht, new_hash);
		else
		RCU_INIT_POINTER(entry->next, head);

		rcu_assign_pointer(new_tbl->buckets[new_hash], entry);