[U-Boot] [PATCH] hashtable: fix environment variable corruption
Roman Kapl
rka at sysgo.com
Wed Jan 30 10:39:54 UTC 2019
Only first previously deleted entry was recognized, leading hsearch_r
to think that there was no previously deleted entry. It then conluded
that a free entry was found, even if there were no free entries and it
overwrote a random entry.
This patch makes sure all deleted or free entries are always found and
also introduces constants for the 0 and -1 numbers. Unit tests to excersise a
simple hash table usage and catch the corruption were added.
To trash your environment, simply run this loop:
setenv i 0
while true; do
setenv v_$i $i
setenv v_$i
setexpr i $i + 1
done
Signed-off-by: Roman Kapl <rka at sysgo.com>
---
Note: The hash-table will still degenerate into a linear search in the
case above, maybe re-hashing should be done with an appropriate
trigger.
lib/hashtable.c | 13 ++++--
test/env/Makefile | 1 +
test/env/hashtable.c | 125 +++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 136 insertions(+), 3 deletions(-)
create mode 100644 test/env/hashtable.c
diff --git a/lib/hashtable.c b/lib/hashtable.c
index 50ff40a397..0d288d12d9 100644
--- a/lib/hashtable.c
+++ b/lib/hashtable.c
@@ -40,6 +40,9 @@
#define CONFIG_ENV_MAX_ENTRIES 512
#endif
+#define USED_FREE 0
+#define USED_DELETED -1
+
#include <env_callback.h>
#include <env_flags.h>
#include <search.h>
@@ -303,7 +306,7 @@ int hsearch_r(ENTRY item, ACTION action, ENTRY ** retval,
*/
unsigned hval2;
- if (htab->table[idx].used == -1
+ if (htab->table[idx].used == USED_DELETED
&& !first_deleted)
first_deleted = idx;
@@ -335,13 +338,17 @@ int hsearch_r(ENTRY item, ACTION action, ENTRY ** retval,
if (idx == hval)
break;
+ if (htab->table[idx].used == USED_DELETED
+ && !first_deleted)
+ first_deleted = idx;
+
/* If entry is found use it. */
ret = _compare_and_overwrite_entry(item, action, retval,
htab, flag, hval, idx);
if (ret != -1)
return ret;
}
- while (htab->table[idx].used);
+ while (htab->table[idx].used != USED_FREE);
}
/* An empty bucket has been found. */
@@ -433,7 +440,7 @@ static void _hdelete(const char *key, struct hsearch_data *htab, ENTRY *ep,
free(ep->data);
ep->callback = NULL;
ep->flags = 0;
- htab->table[idx].used = -1;
+ htab->table[idx].used = USED_DELETED;
--htab->filled;
}
diff --git a/test/env/Makefile b/test/env/Makefile
index d71a11b6e2..5c8eae31b0 100644
--- a/test/env/Makefile
+++ b/test/env/Makefile
@@ -4,3 +4,4 @@
obj-y += cmd_ut_env.o
obj-y += attr.o
+obj-y += hashtable.o
diff --git a/test/env/hashtable.c b/test/env/hashtable.c
new file mode 100644
index 0000000000..8c87e65457
--- /dev/null
+++ b/test/env/hashtable.c
@@ -0,0 +1,125 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * (C) Copyright 2019
+ * Roman Kapl, SYSGO, rka at sysgo.com
+ */
+
+#include <common.h>
+#include <command.h>
+#include <search.h>
+#include <stdio.h>
+#include <test/env.h>
+#include <test/ut.h>
+
+#define SIZE 32
+#define ITERATIONS 10000
+
+static int htab_fill(struct unit_test_state *uts,
+ struct hsearch_data *htab, size_t size)
+{
+ size_t i;
+ ENTRY item;
+ ENTRY *ritem;
+ char key[20];
+
+ for (i = 0; i < size; i++) {
+ sprintf(key, "%d", (int)i);
+ item.callback = NULL;
+ item.data = key;
+ item.flags = 0;
+ item.key = key;
+ ut_asserteq(1, hsearch_r(item, ENTER, &ritem, htab, 0));
+ }
+
+ return 0;
+}
+
+static int htab_check_fill(struct unit_test_state *uts,
+ struct hsearch_data *htab, size_t size)
+{
+ size_t i;
+ ENTRY item;
+ ENTRY *ritem;
+ char key[20];
+
+ for (i = 0; i < size; i++) {
+ sprintf(key, "%d", (int)i);
+ item.callback = NULL;
+ item.flags = 0;
+ item.data = key;
+ item.key = key;
+ hsearch_r(item, FIND, &ritem, htab, 0);
+ ut_assert(ritem);
+ ut_asserteq_str(key, ritem->key);
+ ut_asserteq_str(key, ritem->data);
+ }
+
+ return 0;
+}
+
+static int htab_create_delete(struct unit_test_state *uts,
+ struct hsearch_data *htab, size_t iterations)
+{
+ size_t i;
+ ENTRY item;
+ ENTRY *ritem;
+ char key[20];
+
+ for (i = 0; i < iterations; i++) {
+ sprintf(key, "cd-%d", (int)i);
+ item.callback = NULL;
+ item.flags = 0;
+ item.data = key;
+ item.key = key;
+ hsearch_r(item, ENTER, &ritem, htab, 0);
+ ritem = NULL;
+
+ hsearch_r(item, FIND, &ritem, htab, 0);
+ ut_assert(ritem);
+ ut_asserteq_str(key, ritem->key);
+ ut_asserteq_str(key, ritem->data);
+
+ ut_asserteq(1, hdelete_r(key, htab, 0));
+ }
+
+ return 0;
+}
+
+/* Completely fill up the hash table */
+static int env_test_htab_fill(struct unit_test_state *uts)
+{
+ struct hsearch_data htab;
+
+ memset(&htab, 0, sizeof(htab));
+ ut_asserteq(1, hcreate_r(SIZE, &htab));
+
+ ut_assertok(htab_fill(uts, &htab, SIZE));
+ ut_assertok(htab_check_fill(uts, &htab, SIZE));
+ ut_asserteq(SIZE, htab.filled);
+
+ hdestroy_r(&htab);
+ return 0;
+}
+
+ENV_TEST(env_test_htab_fill, 0);
+
+/* Fill the hashtable up halfway an repeateadly delete/create elements
+ * and check for corruption
+ */
+static int env_test_htab_deletes(struct unit_test_state *uts)
+{
+ struct hsearch_data htab;
+
+ memset(&htab, 0, sizeof(htab));
+ ut_asserteq(1, hcreate_r(SIZE, &htab));
+
+ ut_assertok(htab_fill(uts, &htab, SIZE / 2));
+ ut_assertok(htab_create_delete(uts, &htab, ITERATIONS));
+ ut_assertok(htab_check_fill(uts, &htab, SIZE / 2));
+ ut_asserteq(SIZE / 2, htab.filled);
+
+ hdestroy_r(&htab);
+ return 0;
+}
+
+ENV_TEST(env_test_htab_deletes, 0);
--
2.11.0
More information about the U-Boot
mailing list