Sven Eckelmann wrote:
Hi,
if anyone wants to start to track all usage cases of the batman_if and gw_node then he can use the functions defined in following two patches. The patches are not fixes, but they provide a starting point for the actual bugfix.
Please ignore
[PATCH 1/2] batman-adv: Use refcnt to track usage count of gw_node [PATCH 2/2] batman-adv: Use refcnt to track usage count of batman_if [PATCH 2/2] batman-adv: Use refcnt to track usage count of batman_if
The problem is that the refcnt check must be done after the grace period and not before. Otherwise we may think that nobody uses it anymore, but instead it is still referenced inside a rcu_read_lock...rcu_read_unlock and the refcnt will be updated a little bit later than the refcnt check is made.
rcu_read_lock | xyz_write_lock xyz_list_rcu { | xyz_list_del_rcu(x->list) .... | xyz_put(x) xyz_hold(x) | -> call_rcu(free_xyz) .... | rcu_read_unlock | | -> free_xyz(x)
I will repost the whole patch set later. The solution is to use synchronize_rcu instead of call_rcu and calling free_xyz directly. This solution is not possible if sleeping is not allowed in that situation or it is relative time critical.
Another way is to add a deleted flag and an extra spinlock. This spinlock must be used before "put"ting/holding an element in rcu_read_lock. So the reader side would need following code:
spin_lock(&x->lock); if (x->deleted) { be confused and dont use it as valid candidate } else { mark it as valid candidate and hold it } spin_unlock(&x->lock);
on the updater/writer site we must use something like that:
spin_lock(&x->lock); list_del_rcu(&x->list); x->deleted = 1; spin_unlock(&x->lock); put element
Best regards, Sven