On Tue, 2012-06-05 at 15:52 +0800, Gao feng wrote:

> +static void __net_exit inetpeer_net_exit(struct net *net) > +{ > + inetpeer_invalidate_tree(net, AF_INET); > + kfree(net->ipv4.peers); > + > + inetpeer_invalidate_tree(net, AF_INET6); > + kfree(net->ipv6.peers); > +} > +

Are we 1000% sure no code ever runs in inetpeer land after this call?

I would add

	net->ipv4.peers = NULL;
	net->ipv6.peers = NULL;

to catch NULL deref instead of strange errors, just in case.

By the way, I think we have a bug in inetpeer_gc_worker(), Steffen?

We have no rcu grace period to make sure the following is safe:

	if (!atomic_read(&p->refcnt)) {
		list_del(&p->gc_list);
		kmem_cache_free(peer_cachep, p);
	}

I'll post a fix like:

diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c index d4d61b6..07731b5 100644 --- a/net/ipv4/inetpeer.c +++ b/net/ipv4/inetpeer.c @@ -137,7 +137,7 @@ static void inetpeer_gc_worker(struct work_struct *work) n = list_entry(p->gc_list.next, struct inet_peer, gc_list); - if (!atomic_read(&p->refcnt)) { + if (atomic_cmpxchg(&p->refcnt, 0, -1) == 0) { list_del(&p->gc_list); kmem_cache_free(peer_cachep, p); }
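
Review bot: In the quoted inetpeer_net_exit() hunk, each kfree() runs directly after inetpeer_invalidate_tree(), and nothing in the visible lines waits for, or rules out, a later user of net->ipv4.peers or net->ipv6.peers. The function should carry a comment stating why no inetpeer code can still reach either base once the per-net exit handler runs, and clearing both pointers after the kfree() calls, as the reply suggests, would turn any late access into an immediate NULL dereference instead of a use-after-free on recycled memory.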
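
Review bot: In the inetpeer_gc_worker() hunk, atomic_cmpxchg(&p->refcnt, 0, -1) makes -1 a "being freed" sentinel, but the hunk does not show the side that takes references, and kmem_cache_free() is still called immediately with no grace period. The scheme only holds if every path that can find this entry refuses to take a reference when refcnt is -1 (an unconditional increment would move it from -1 back to 0 on an object that is about to be freed), so the change should either include or point to that check and add a comment at the cmpxchg documenting what -1 means.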