From 913e2d895e77e56ba4ba4b823d4ef99dd07cc64c Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Wed, 1 Aug 2018 05:17:58 +0200
Subject: hashtables: document immediate zeroing semantics

Suggested-by: Jann Horn
---
 src/hashtables.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/hashtables.c b/src/hashtables.c
index ab0f622..03b9e21 100644
--- a/src/hashtables.c
+++ b/src/hashtables.c
@@ -133,6 +133,12 @@ bool index_hashtable_replace(struct index_hashtable *table, struct index_hashtab
 spin_lock_bh(&table->lock);
 new->index = old->index;
 hlist_replace_rcu(&old->index_hash, &new->index_hash);
+
+ /* Calling init here NULLs out index_hash, and in fact after this function returns,
+ * it's theoretically possible for this to get reinserted elsewhere. That means
+ * the RCU lookup below might either terminate early or jump between buckets, in which
+ * case the packet simply gets dropped, which isn't terrible.
+ */
 INIT_HLIST_NODE(&old->index_hash);
 spin_unlock_bh(&table->lock);
 return true;
-- 
cgit v1.2.3-59-g8ed1b
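Review bot: The new comment above `INIT_HLIST_NODE(&old->index_hash)` concludes that a lookup which ends early or wanders into another bucket only costs a dropped packet, but it never names the invariant that makes this true. That holds only if the lookup compares the full index on every node it visits and takes its reference before returning, so a walk through the wrong bucket can never hand back the wrong entry. The lookup is outside this hunk, so this should be confirmed there and then stated here, for example `* This is only safe because the lookup matches ->index on every node it walks.` The wording would also be clearer with `old` in place of "this" in "for this to get reinserted elsewhere". The function body starts before the hunk.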