From: David Windsor <dwind...@gmail.com> Date: Mon, 23 Jan 2017 07:42:51 -0500
> struct inet_peer objects get freed when their reference count > becomes -1, not 0 as is the usual case. Is there a reason why this > is so? inet peer entries that sit in the tree, but have no other reference taken, have a reference count of zero. Therefore, any entry which has a reference count of zero can be safely garbage collected from the tree. When the garbage collector purges entries with a zero refcnt, it atomically sets the refcnt to -1 so that other threads of control in RCU protected sections that still see this entry in the tree will not be able to grab it for use. The -1 marker is used as a synchronization mechanism between the GC and lookup paths. Once -1 is atomically set, the GC code knows that no external reference can be created.
