On 8/1/19 2:32 AM, Nikolay Aleksandrov wrote: > On 8/1/19 1:53 AM, Stephen Hemminger wrote: >> >>> -int br_vlan_init(struct net_bridge *br) >>> +static int br_vlan_init(struct net_bridge *br) >>> { >>> struct net_bridge_vlan_group *vg; >>> int ret = -ENOMEM; >>> @@ -1083,6 +1085,8 @@ int br_vlan_init(struct net_bridge *br) >>> return ret; >>> >>> err_vlan_add: >>> + RCU_INIT_POINTER(br->vlgrp, NULL); >>> + synchronize_rcu(); >> >> Calling sychronize_rcu is expensive. And the callback for >> notifier is always called with rtnl_head. >> >> Why not just keep the pointer initialization back in the >> code where bridge is created, it was safe there. >> > > Because now the device registered and we've published the group, right now > it is not an issue but if we expose an rcu helper we'll have to fix this > because it'd become a bug. > I'd prefer to have the error path correct and future-proof it, since it's > an error path we're not concerned with speed, but rather correctness. Also > these are rarely exercised so the bug might remain for a very long time. > > About why move it - I've explained in the commit message, it might be safe but it has presented a lot of bugs, we'll have to separate it in two parts one that initializes the vlan group and second one which adds the fdb, then we'll have to split the flush/delete in two different places to cleanup. This way we have only a single exit point that cleans up and it works for all cases. The synchronize there wouldn't be called under normal circumstances.