From: Arnaldo Carvalho de Melo <acme@xxxxxxxxxxxxxxxx>
Date: Thu, 1 May 2003 14:51:11 -0300
Well, I think that because there are a graph of relationships here we perhaps
can be safe by protecting just some of the higher level objects (e.g. struct
sock, struct socket, struct net_device) while leaving some other lower level
objects managed by those higher level ones, e.g. struct sk_buff managed by
struct sock.
The graphs are unfortunately not completely connected.
For example, sk_buff's can be sent not assosciated with any socket.
Routing cache entries are not attached to any particular client,
similar with ARP/neighbour entires, and sk_buff's in turn hold
references to these things.
See, long ago we used to not do proper reference counting
on struct sock's. We used to rely on graphs of relationships
and certain sock states to control destruction of these objects.
The networking was riddled with obscure bugs because of this.
|