From 5f2f89209500623ccb4713ec4af7de86fd30a9e4 Mon Sep 17 00:00:00 2001 From: Eric Dumazet Date: Tue, 15 Jun 2010 21:47:39 -0700 Subject: [PATCH] inetpeer: do not use zero refcnt for freed entries Followup of commit aa1039e73cc2 (inetpeer: RCU conversion) Unused inet_peer entries have a null refcnt. Using atomic_inc_not_zero() in rcu lookups is not going to work for them, and slow path is taken. Fix this using -1 marker instead of 0 for deleted entries. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller --- net/ipv4/inetpeer.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c index 58fbc7e2475e..349249fad2db 100644 --- a/net/ipv4/inetpeer.c +++ b/net/ipv4/inetpeer.c @@ -187,7 +187,12 @@ static struct inet_peer *lookup_rcu_bh(__be32 daddr) while (u != peer_avl_empty) { if (daddr == u->v4daddr) { - if (unlikely(!atomic_inc_not_zero(&u->refcnt))) + /* Before taking a reference, check if this entry was + * deleted, unlink_from_pool() sets refcnt=-1 to make + * distinction between an unused entry (refcnt=0) and + * a freed one. + */ + if (unlikely(!atomic_add_unless(&u->refcnt, 1, -1))) u = NULL; return u; } @@ -322,8 +327,9 @@ static void unlink_from_pool(struct inet_peer *p) * in cleanup() function to prevent sudden disappearing. If we can * atomically (because of lockless readers) take this last reference, * it's safe to remove the node and free it later. + * We use refcnt=-1 to alert lockless readers this entry is deleted. */ - if (atomic_cmpxchg(&p->refcnt, 1, 0) == 1) { + if (atomic_cmpxchg(&p->refcnt, 1, -1) == 1) { struct inet_peer **stack[PEER_MAXDEPTH]; struct inet_peer ***stackptr, ***delp; if (lookup(p->v4daddr, stack) != p) -- GitLab