Bug #237
Updated by Sven Eckelmann almost 4 years ago
Simon debugged the refcnt problem and submitted some patches to fix them. I had a brief look and noticed that there are possible more problems similar to the <code>*list_del*</code> ones - just with <code>*list_add*</code>. Basically some functions use some kind of get function, notice that the element does not exist and then create a new one to add to the list. Only the "<code>list_add</code>" is protected. The result may be that an element in twice in a list when only a single occurrence is allowed. The problem I saw is that functions adding objects in an RCU protected list are missing an definitive check. They first call some kind of <code>*_get</code> (<code>rcu_read_lock</code> only) to check if an object with this value already exists and then uses some kind of <code>*_add</code> to allocate a new object and add it (which may already be added in by a different context). So it has to be made sure that nothing modifies the list between the check and the add of the new object). Linus already proposed a patch: https://patchwork.open-mesh.org/project/b.a.t.m.a.n./patch/1452150672-11174-2-git-send-email-linus.luessing@c0d3.blue/ https://patchwork.open-mesh.org/patch/4919/