Hi Shawn,

On Wed, Dec 26, 2018 at 01:27:58PM -0600, Shawn Bohrer wrote:
> On Wed, Dec 26, 2018 at 02:55:00PM +0100, Pablo Neira Ayuso wrote:
> > On Wed, Dec 26, 2018 at 02:41:59PM +0100, Pablo Neira Ayuso wrote:
> > > Instead of removing an empty list node that might be reintroduced soon
> > > thereafter, tentatively place the empty list node in the garbage
> > > collector, then re-check if the list is empty again before deleting it.
> > >
> > > This patch is aiming to simplify the garbage collection interaction
> > > between the packet path and the workqueue to delete empty lists.
> >
> > Hm, still not good enough.
> >
> > Workqueue and packet path may race to place the same node in the
> > gc_nodes[] array, leading to possible use-after-free.
>
> Hey Pablo,
>
> I assume you realize this, but the race can happen with or without
> your patch. I think you could fix the race by expanding the spinlock
> in tree_gc_worker() to cover the walking of the tree instead of doing
> it as an RCU reader.
>
> Anyway, are you still working on an alternative solution to my
> patches? My patch #2 was broken, but I can resend a fixed version if
> there is interest in going that way.

Yes, will send patches asap that you can review.

Thanks.