Sven Eckelmann wrote:
> Hi,
>
> if anyone wants to start to track all usage cases of the batman_if and
> gw_node then he can use the functions defined in following two patches.
> The patches are not fixes, but they provide a starting point for the
> actual bugfix.
Please ignore
[PATCH 1/2] batman-adv: Use refcnt to track usage count of gw_node
[PATCH 2/2] batman-adv: Use refcnt to track usage count of batman_if
The problem is that the refcnt check must be done after the grace period and
not before. Otherwise we may think that nobody uses it anymore, but instead it
is still referenced inside a rcu_read_lock...rcu_read_unlock and the refcnt
will be updated a little bit later than the refcnt check is made.

    rcu_read_lock          | xyz_write_lock
    xyz_list_rcu {         | xyz_list_del_rcu(x->list)
    ....                   | xyz_put(x)
    xyz_hold(x)            | -> call_rcu(free_xyz)
    ....                   |
    rcu_read_unlock        |
                           | -> free_xyz(x)

I will repost the whole patch set later. The solution is to use
synchronize_rcu instead of call_rcu and calling free_xyz directly. This
solution is not possible if sleeping is not allowed in that situation or it is
relatively time critical.
Another way is to add a deleted flag and an extra spinlock. This spinlock must
be used before "put"ting/holding an element in rcu_read_lock. So the reader
side would need the following code:

    spin_lock(&x->lock);
    if (x->deleted) {
            /* be confused and don't use it as valid candidate */
    } else {
            /* mark it as valid candidate and hold it */
    }
    spin_unlock(&x->lock);

On the updater/writer side we must use something like that:

    spin_lock(&x->lock);
    list_del_rcu(&x->list);
    x->deleted = 1;
    spin_unlock(&x->lock);
    /* put element */

Best regards,
Sven
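
The deleted-flag scheme from the message above, as an added user-space model that is not code from the mail or from batman-adv. The names struct xyz, xyz_try_hold, xyz_put and xyz_delete are hypothetical, a C11 atomic_flag stands in for the kernel spinlock, and a freed marker stands in for free_xyz so the ordering can be checked: a hold taken before deletion keeps the element alive, a hold attempted after deletion is refused, and the element is released only on the last put.

```c
#include <stdatomic.h>
#include <stdbool.h>

/* User-space model; struct xyz and every helper name here is hypothetical. */
struct xyz {
    atomic_flag lock;  /* stands in for the kernel spinlock */
    bool deleted;      /* set by the writer, read by readers, under lock */
    int refcnt;        /* guarded by lock in this model */
    bool freed;        /* records where free_xyz(x) would have run */
};

static inline void xyz_lock(struct xyz *x) { while (atomic_flag_test_and_set(&x->lock)) ; }
static inline void xyz_unlock(struct xyz *x) { atomic_flag_clear(&x->lock); }

void xyz_init(struct xyz *x)
{
    *x = (struct xyz){ .refcnt = 1 }; /* one reference owned by the list */
    atomic_flag_clear(&x->lock);
}

/* Reader: take a reference only while the element is not marked deleted. */
bool xyz_try_hold(struct xyz *x)
{
    xyz_lock(x);
    bool ok = !x->deleted;
    if (ok)
        x->refcnt++;
    xyz_unlock(x);
    return ok;
}

/* Drop one reference; returns true when this was the last one. */
bool xyz_put(struct xyz *x)
{
    xyz_lock(x);
    bool last = (--x->refcnt == 0);
    xyz_unlock(x);
    if (last)
        x->freed = true;
    return last;
}

/* Writer: unlink and mark deleted in one critical section, then put. */
bool xyz_delete(struct xyz *x)
{
    xyz_lock(x);
    x->deleted = true; /* list_del_rcu(&x->list) belongs here in the kernel */
    xyz_unlock(x);
    return xyz_put(x);
}
```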
