On Sun, 28 Jan 2024 at 12:53, Linus Torvalds
<torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> Now, the RCU delay may be needed if the lookup of said structure
> happens under RCU, but no, saying "I use SRCU to make sure the
> lifetime is at least X" is just broken.
Put another way, the only reason for any RCU should be that you don't
use locking at lookup, and the normal lookup routine should follow a
pattern something like this:
rcu_read_lock();
entry = find_entry(...);
if (entry && !atomic_inc_not_zero(&entry->refcount))
entry = NULL;
rcu_read_unlock();
and the freeing should basically follow a pattern like
if (atomic_dec_and_test(&entry->refcount))
rcu_free(entry);
IOW, the *lifetime* is entirely about the refcount. No "I have killed
this entry" stuff. The RCU is purely about "look, we have to look up
the entry while it's being torn down, so I can fundamentally race with
the teardown, and so I need to be able to see that zero refcount".
Of course, the "remove it from whatever hash lists or other data
structures that can reach it" happens before the freeing,
*One* such thing would be the "->d_release()" of a dentry that has a
ref to it in d_fsdata, but presumably there are then other
subsystem-specific hash tables etc that have their own refcounts.
And a side note - I personally happen to believe that if you think you
need SRCU rather than regular RCU, you've already done something
wrong.
And the reason for that is possibly because you've mixed up the
refcount logic with some other subsystem locking logic, so you're
using sleeping locks to protect a refcount. That's a mistake of its
own. The refcounts are generally better just done using atomics (maybe
krefs).
Linus
