rhashtable: Fix rhashtable_try_insert test

The test on whether rhashtable_insert_one did an insertion relies
on the value returned by rhashtable_lookup_one.  Unfortunately that
value is overwritten after rhashtable_insert_one returns.  Fix this
by moving the test before data gets overwritten.

Simplify the test as only data == NULL matters.

Finally move atomic_inc back within the lock as otherwise it may
be reordered with the atomic_dec on the removal side, potentially
leading to an underflow.

Reported-by: Michael Kelley <mhklinux@outlook.com>
Fixes: e1d3422c95f0 ("rhashtable: Fix potential deadlock by moving schedule_work outside lock")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Michael Kelley <mhklinux@outlook.com>
Reviewed-by: Breno Leitao <leitao@debian.org>
Tested-by: Mikhail Zaslonko <zaslonko@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/lib/rhashtable.c b/lib/rhashtable.c
index bf956b85455ab4990e335fca5fa641d431afe857..0e9a1d4cf89be0cd67b3da4173be2c5ea039c33d 100644 (file)
--- a/lib/rhashtable.c
+++ b/lib/rhashtable.c
@@ -611,21 +611,23 @@ static void *rhashtable_try_insert(struct rhashtable *ht, const void *key,
                        new_tbl = rht_dereference_rcu(tbl->future_tbl, ht);
                        data = ERR_PTR(-EAGAIN);
                } else {
+                       bool inserted;
+
                        flags = rht_lock(tbl, bkt);
                        data = rhashtable_lookup_one(ht, bkt, tbl,
                                                     hash, key, obj);
                        new_tbl = rhashtable_insert_one(ht, bkt, tbl,
                                                        hash, obj, data);
+                       inserted = data && !new_tbl;
+                       if (inserted)
+                               atomic_inc(&ht->nelems);
                        if (PTR_ERR(new_tbl) != -EEXIST)
                                data = ERR_CAST(new_tbl);
 
                        rht_unlock(tbl, bkt, flags);
 
-                       if (PTR_ERR(data) == -ENOENT && !new_tbl) {
-                               atomic_inc(&ht->nelems);
-                               if (rht_grow_above_75(ht, tbl))
-                                       schedule_work(&ht->run_work);
-                       }
+                       if (inserted && rht_grow_above_75(ht, tbl))
+                               schedule_work(&ht->run_work);
                }
        } while (!IS_ERR_OR_NULL(new_tbl));