inetpeer: do not use zero refcnt for freed entries
authorEric Dumazet <eric.dumazet@gmail.com>
Wed, 16 Jun 2010 04:47:39 +0000 (21:47 -0700)
committerDavid S. Miller <davem@davemloft.net>
Wed, 16 Jun 2010 04:47:39 +0000 (21:47 -0700)
Followup of commit aa1039e73cc2 (inetpeer: RCU conversion)

Unused inet_peer entries have a null refcnt.

Using atomic_inc_not_zero() in rcu lookups is not going to work for
them, and slow path is taken.

Fix this using -1 marker instead of 0 for deleted entries.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/inetpeer.c

index 58fbc7e..349249f 100644 (file)
@@ -187,7 +187,12 @@ static struct inet_peer *lookup_rcu_bh(__be32 daddr)
 
        while (u != peer_avl_empty) {
                if (daddr == u->v4daddr) {
-                       if (unlikely(!atomic_inc_not_zero(&u->refcnt)))
+                       /* Before taking a reference, check if this entry was
+                        * deleted, unlink_from_pool() sets refcnt=-1 to make
+                        * distinction between an unused entry (refcnt=0) and
+                        * a freed one.
+                        */
+                       if (unlikely(!atomic_add_unless(&u->refcnt, 1, -1)))
                                u = NULL;
                        return u;
                }
@@ -322,8 +327,9 @@ static void unlink_from_pool(struct inet_peer *p)
         * in cleanup() function to prevent sudden disappearing.  If we can
         * atomically (because of lockless readers) take this last reference,
         * it's safe to remove the node and free it later.
+        * We use refcnt=-1 to alert lockless readers this entry is deleted.
         */
-       if (atomic_cmpxchg(&p->refcnt, 1, 0) == 1) {
+       if (atomic_cmpxchg(&p->refcnt, 1, -1) == 1) {
                struct inet_peer **stack[PEER_MAXDEPTH];
                struct inet_peer ***stackptr, ***delp;
                if (lookup(p->v4daddr, stack) != p)