On Saturday, February 23, 2013 02:37:06 Sasha Levin wrote: > I'm confused about how batadv_orig_hash_del_if removes an interface from > the hashtable. I see the hashtable is using rcu to protect it, but when we > delete an entry we free it straight away by calling > batadv_orig_node_del_if() and not going through kfree_rcu(). > > Is there a reason behind doing that, or might it be the cause of the > problem we're seeing here?
Maybe I am overlooking something but it seems to me access to this memory is protected by the same lock: orig_node->ogm_cnt_lock Before batadv_orig_node_del_if() is called this lock is acquired and batadv_slide_own_bcast_window() also attempts acquire the orig_node- >ogm_cnt_lock spinlock before writing to this chunk of memory. Do we know for certain that batadv_orig_hash_del_if() is involved or is that a guess at this point ? If you ask me the next for-loop in batadv_orig_hash_del_if() looks more suspicious than the first one. The interfaces get renumbered without any protection. Could be a regression from the orig_hash_lock removal (the comments refer to a now inexisting lock). Cheers, Marek -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
