| To: | Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: [PATCH] arp_queue: serializing unlink + kfree_skb |
| From: | Anton Blanchard <anton@xxxxxxxxx> |
| Date: | Fri, 4 Feb 2005 01:27:05 +1100 |
| Cc: | Olaf Kirch <okir@xxxxxxx>, netdev@xxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx |
| In-reply-to: | <E1CvZo6-0001Bz-00@gondolin.me.apana.org.au> |
| References: | <20050131102920.GC4170@suse.de> <E1CvZo6-0001Bz-00@gondolin.me.apana.org.au> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mutt/1.5.6+20040907i |
Hi,
> For example, in this particular case, a more sinister (but probably
> impossible for sk_buff objects) problem would be for the list removal
> itself to be delayed until after the the kfree_skb. This could
> potentially mean that we're reading/writing memory that's already
> been freed.
>
> Perhaps we should always add a barrier to such operations. So
> kfree_skb would become
>
> if (atomic_read(&skb->users) != 1) {
> smp_mb__before_atomic_dec();
> if (!atomic_dec_and_test(&skb->users))
> return;
> }
> __kfree_skb(skb);
Architectures should guarantee that any of the atomics and bitops that
return values order in both directions. So you dont need the
smp_mb__before_atomic_dec here.
It is, however, required on the atomics and bitops that dont return
values. Its difficult stuff, everyone gets it wrong and Andrew keeps
hassling me to write up a document explaining it.
Anton
|
| Previous by Date: | How much ARP requests need to single IP address?, cranium 2003 |
|---|---|
| Next by Date: | [PATCH 5/20] net/pktgen: remove interruptible_sleep_on_timeout() usage, Robert Olsson |
| Previous by Thread: | Re: [PATCH] arp_queue: serializing unlink + kfree_skb, David S. Miller |
| Next by Thread: | Re: [PATCH] arp_queue: serializing unlink + kfree_skb, David S. Miller |
| Indexes: | [Date] [Thread] [Top] [All Lists] |