On Tue, Feb 05, 2019 at 11:06:00AM +0100, Florian Westphal wrote: > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > With your chunk in place, I don't see any listcnt++, now the > > ->activate path is gone, so we never bump it again? Refering to this > > patch. > > I moved it to nft_xt_get(). Oh I see, the follow up patch. I fixed the build problem with this chunk: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git/diff/net/netfilter/nft_compat.c?id=f6ac8585897684374a19863fff21186a05805286 Which leaves things as is I think, ie. fixes the build problem and leaves nft_compat untouched. I would suggest you collapse your patch 1/2 and 2/2 into one single patch and we place it in nf.git? I mean, the follow up 2/2 is required by 1/2 since the listcnt++ is a dependency. Sorry, for a bit for all these going back and forth to confirm things. [...] > > Right? > > I think so, yes -- we could switch to kfree. > > We unlink from global list earlier and the ->destroy invocation happens > after synchronize_rcu from worker, no parallel access is possible. > > Probably change this in -next though. OK, let's explore all these ideas to simplify nft_compat in net-next. Thanks!
