Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > With your chunk in place, I don't see any listcnt++, now the > ->activate path is gone, so we never bump it again? Refering to this > patch. I moved it to nft_xt_get(). > OK, now with this chunk we remove the match/target from the > abort/commit phase. Yes. > And nft_xt_put() from the destroy path deals with removing the > extension (BTW, probably no need for kfree_rcu() anymore?). It frees the memory, yes. > Right? I think so, yes -- we could switch to kfree. We unlink from global list earlier and the ->destroy invocation happens after synchronize_rcu from worker, no parallel access is possible. Probably change this in -next though. > > We could also consider removing the entire list handling and always > > use a 1:1 mapping of nft_expr <-> nft_compat_ops > > > > (we don't need to "Recover" in case of error). > > You mean, no reuse at all of the nft_xt object. Yes, no reuses. Only if it makes things simpler, of course -- i did not give it a try yet.
