Re: [PATCH 4/8] rhashtable: fix race in nested_table_alloc()

From: NeilBrown
Date: Sat May 05 2018 - 17:48:38 EST

Next message: NeilBrown: "Re: [PATCH 1/8] rhashtable: silence RCU warning in rhashtable_test."
Previous message: NeilBrown: "Re: [PATCH 3/8] rhashtable: use cmpxchg() to protect ->future_tbl."
In reply to: Herbert Xu: "Re: [PATCH 4/8] rhashtable: fix race in nested_table_alloc()"
Next in thread: Herbert Xu: "Re: [PATCH 4/8] rhashtable: fix race in nested_table_alloc()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, May 05 2018, Herbert Xu wrote:

> On Fri, May 04, 2018 at 01:54:14PM +1000, NeilBrown wrote:
>> If two threads run nested_table_alloc() at the same time
>> they could both allocate a new table.
>> Best case is that one of them will never be freed, leaking memory.
>> Worst case is hat entry get stored there before it leaks,
>> and the are lost from the table.
>>
>> So use cmpxchg to detect the race and free the unused table.
>>
>> Fixes: da20420f83ea ("rhashtable: Add nested tables")
>> Cc: stable@xxxxxxxxxxxxxxx # 4.11+
>> Signed-off-by: NeilBrown <neilb@xxxxxxxx>
>
> What about the spinlock that's meant to be held around this
> operation?

The spinlock protects 2 or more buckets. The nested table contains at
least 512 buckets, maybe more.
It is quite possible for two insertions into 2 different buckets to both
get their spinlock and both try to instantiate the same nested table.

Thanks,
NeilBrown

Attachment: signature.asc
Description: PGP signature

Next message: NeilBrown: "Re: [PATCH 1/8] rhashtable: silence RCU warning in rhashtable_test."
Previous message: NeilBrown: "Re: [PATCH 3/8] rhashtable: use cmpxchg() to protect ->future_tbl."
In reply to: Herbert Xu: "Re: [PATCH 4/8] rhashtable: fix race in nested_table_alloc()"
Next in thread: Herbert Xu: "Re: [PATCH 4/8] rhashtable: fix race in nested_table_alloc()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]