On Sun, Nov 6, 2022 at 6:34 PM Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> wrote: > > > > > For bpf_timer, it would mean moving drop_prog_refcnt outside spin lock critical > > section. hrtimer_cancel is already done after the unlock. For bpf_list_head, it > > would mean swapping out the list_head and then draining it outside the lock. > > That also works. > drop_prog_refcnt() can be moved after unlock. > Don't see any race. I mean not the whole function obviously. Instead of static void drop_prog_refcnt(struct bpf_hrtimer *t) it can become static struct bpf_prog *drop_prog_refcnt(struct bpf_hrtimer *t) t->prog and callback_fn should only be manipulated under lock. bpf_prog_put itself can happen after unlock.
