This includes a couple of fixes that I found while investigating the crash I was experiencing. The crash is fixed in the first patch. Additionally as I'm not terribly familiar with the netfilter code, I have some questions that might lead to additional fixes.

1. Should nf_conncount_destroy() acquire the nf_conncount_locks spinlock? This updates the tree by calling rb_erase() so what keeps it from racing with insert_tree() or tree_gc_worker()?

2. I'm in no way an RCU expert, but I don't think rb_erase() is RCU safe. Under the covers it eventually calls __rb_change_child() and not __rb_change_child_rcu(). Actually same thing for rb_insert_color(). I'll note there are very few users in the kernel currently using RCU with rbtrees.

3. As an optimization it might be possible to use rb_replace_node_rcu() when an exact match is found, but the node is dead. I haven't spent enough time thinking about how to rework the code to do this.

Shawn Bohrer (3):
  nf_conncount: Set correct parent rbnode when inserting on exact match
  nf_conncount: GC dead rbnodes when inserting a new node that is exact match
  nf_conncount: tree_gc_worker should gc trees > CONNCOUNT_LOCK_SLOTS

 net/netfilter/nf_conncount.c | 13 +++++++++---
 1 file changed, 9 insertions(+), 4 deletions(-)

--
2.19.2