diff options
| author | Wei Wang <weiwan@google.com> | 2017-06-17 10:42:29 -0700 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-06-17 22:53:59 -0400 |
| commit | 0830106c53900181d336350581119af09e123bf3 (patch) | |
| tree | 23954c6a70cb21f051b24492757c4c2a2daa34ac /net/ipv4/route.c | |
| parent | 4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 (diff) | |
| download | linux-0830106c53900181d336350581119af09e123bf3.tar.gz | |
ipv4: take dst->__refcnt when caching dst in fib
In IPv4 routing code, fib_nh and fib_nh_exception can hold pointers to struct rtable but they never increment dst->__refcnt. This leads to the need of the dst garbage collector because when user is done with this dst and calls dst_release(), it can only decrement dst->__refcnt and can not free the dst even it sees dst->__refcnt drops from 1 to 0 (unless DST_NOCACHE flag is set) because the routing code might still hold reference to it. And when the routing code tries to delete a route, it has to put the dst to the gc_list if dst->__refcnt is not yet 0 and have a gc thread running periodically to check on dst->__refcnt and finally to free dst when refcnt becomes 0. This patch increments dst->__refcnt when fib_nh/fib_nh_exception holds reference to this dst and properly release the dst when fib_nh/fib_nh_exception has been updated with a new dst. This patch is a preparation in order to fully get rid of dst gc later. Signed-off-by: Wei Wang <weiwan@google.com> Acked-by: Martin KaFai Lau <kafai@fb.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/route.c')
| -rw-r--r-- | net/ipv4/route.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 0a843ef2b709..3dee0043117e 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -603,11 +603,13 @@ static void fnhe_flush_routes(struct fib_nh_exception *fnhe) rt = rcu_dereference(fnhe->fnhe_rth_input); if (rt) { RCU_INIT_POINTER(fnhe->fnhe_rth_input, NULL); + dst_release(&rt->dst); rt_free(rt); } rt = rcu_dereference(fnhe->fnhe_rth_output); if (rt) { RCU_INIT_POINTER(fnhe->fnhe_rth_output, NULL); + dst_release(&rt->dst); rt_free(rt); } } @@ -1332,9 +1334,12 @@ static bool rt_bind_exception(struct rtable *rt, struct fib_nh_exception *fnhe, rt->rt_gateway = daddr; if (!(rt->dst.flags & DST_NOCACHE)) { + dst_hold(&rt->dst); rcu_assign_pointer(*porig, rt); - if (orig) + if (orig) { + dst_release(&orig->dst); rt_free(orig); + } ret = true; } @@ -1357,12 +1362,20 @@ static bool rt_cache_route(struct fib_nh *nh, struct rtable *rt) } orig = *p; + /* hold dst before doing cmpxchg() to avoid race condition + * on this dst + */ + dst_hold(&rt->dst); prev = cmpxchg(p, orig, rt); if (prev == orig) { - if (orig) + if (orig) { + dst_release(&orig->dst); rt_free(orig); - } else + } + } else { + dst_release(&rt->dst); ret = false; + } return ret; } |