Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> Two CPUs may race to remove a connection from the list, the existing
> conn->dead will result in a use-after-free. Use the per-list spinlock to
> protect list iterations.

Freeing occurs via RCU, so no use-after-free should be possible.

However, I do agree that ->dead should not be needed.

I think it's best to just use the 'count' to know when we can't re-use
a list from the rcu section.

There are only three possibilities:
- node.list > 0: simple insertion after acquiring the lock.
- node doesn't exist: defer to locked variant (i.e. fall back to insert_tree).
- node has 0: just fall back to insert_tree.

From insert_tree, we can re-use an entry with a node count of 0 just fine:
We are holding the tree lock, so GC hasn't had a chance to rip it out yet.

I think this will simplify things considerably.
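
An added C model of the three cases listed in the reply above, not code from the patch or from the kernel: the struct, the function names and the `atomic_flag` spinlocks are assumptions, and neither GC nor RCU is modelled. It shows the count being read under the per-list lock and the locked variant re-using a count-0 node.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
/* Hypothetical userspace model: all names here are assumptions. */
struct model_node {
    atomic_flag lock;   /* stands in for the per-list spinlock */
    unsigned int count; /* entries on the list; 0 means GC may reap the node */
};
static atomic_flag tree_lock = ATOMIC_FLAG_INIT; /* stands in for the tree lock */
enum add_path { ADDED_FAST, ADDED_SLOW_REUSED, ADDED_SLOW_NEW };
static void m_lock(atomic_flag *l) { while (atomic_flag_test_and_set(l)) { } }
static void m_unlock(atomic_flag *l) { atomic_flag_clear(l); }

/* Fast path (RCU read side in the mail): insert only into a live list. */
static bool try_add_fast(struct model_node *n)
{
    bool live;
    if (!n) return false;   /* node doesn't exist: use the locked variant */
    m_lock(&n->lock);
    live = n->count > 0;    /* count read under the lock (modelling choice) */
    if (live) n->count++;   /* count > 0: simple insertion */
    m_unlock(&n->lock);
    return live;            /* count == 0: caller falls back */
}

/* Locked variant (insert_tree in the mail): with tree_lock held, a count-0
 * node has not been unlinked by GC, so it is re-used instead of replaced. */
static enum add_path add_slow(struct model_node **slot, struct model_node *fresh)
{
    enum add_path path = ADDED_SLOW_REUSED;
    m_lock(&tree_lock);
    if (!*slot) {
        *slot = fresh;
        path = ADDED_SLOW_NEW;
    }
    m_lock(&(*slot)->lock);
    (*slot)->count++;
    m_unlock(&(*slot)->lock);
    m_unlock(&tree_lock);
    return path;
}

static enum add_path model_add(struct model_node **slot, struct model_node *fresh)
{
    return try_add_fast(*slot) ? ADDED_FAST : add_slow(slot, fresh);
}
int main(void)
{
    struct model_node n = { ATOMIC_FLAG_INIT, 0 }, *slot = &n; /* constructed: emptied node */
    return model_add(&slot, NULL) == ADDED_SLOW_REUSED ? 0 : 1;
}
```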