Date:      Tue, 1 Mar 2005 11:59:49 +0000 (GMT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Doug White <dwhite@gumbysoft.com>
Cc:        Kris Kennaway <kris@obsecurity.org>
Subject:   Re: Race condition in mb_free_ext()?
Message-ID:  <Pine.NEB.3.96L.1050301115818.31509A-100000@fledge.watson.org>
In-Reply-To: <20050228214850.X62607@carver.gumbysoft.com>


On Mon, 28 Feb 2005, Doug White wrote:

> Forgive me for being naive, but is there a reason you don't do an
> atomic subtraction on the refcount?  I can see why it repeats -- if two
> things are warring over the refcount one or the other keeps trying until
> one wins -- but the subtraction would seem more intuitive.

I'm not all that familiar with this code, but my guess is that he uses the
cmpset so that he guarantees the value of 'cnt' is fresh with respect to
the decrement -- i.e., only one caller to mb_free_ext() will end up with a
'cnt' of 1 and perform the GC.  If you re-read it, there may be a race.

Robert N M Watson
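
The following is an added example, not part of the original message and not the FreeBSD mb_free_ext() code: it replays on one thread the interleaving the reply is concerned with, comparing a free decision made on a separately sampled count against one made on the value a compare-and-set actually decremented. `struct obj` and all function names are hypothetical, and C11 `<stdatomic.h>` operations stand in for the kernel's cmpset primitive.

```c
#include <stdatomic.h>
#include <stdio.h>

/* Hypothetical refcounted object; not FreeBSD's mbuf structures. */
struct obj { atomic_uint refcnt; };

/* Drop one reference with a compare-and-set loop. 'cnt' is the value the
 * decrement was applied to, so only one caller can see cnt == 1.
 * Returns 1 if the caller must free the object. */
static int release_cmpset(struct obj *o)
{
    unsigned cnt = atomic_load(&o->refcnt);
    /* On failure 'cnt' is refreshed with the current value; retry. */
    while (!atomic_compare_exchange_weak(&o->refcnt, &cnt, cnt - 1))
        ;
    return cnt == 1;
}

/* Racy variant: the free decision uses a value sampled separately from
 * the (atomic) decrement. Split in two so the bad interleaving can be
 * replayed deterministically on one thread. */
static unsigned racy_sample(struct obj *o) { return atomic_load(&o->refcnt); }
static int racy_finish(struct obj *o, unsigned stale)
{
    atomic_fetch_sub(&o->refcnt, 1);
    return stale == 1;
}

/* Holders A and B drop the last two references; both sample before either
 * decrements. Returns how many callers decided to free. */
static int frees_racy(void)
{
    struct obj o; atomic_init(&o.refcnt, 2);
    unsigned a = racy_sample(&o), b = racy_sample(&o);
    return racy_finish(&o, a) + racy_finish(&o, b);
}

/* Same schedule with cmpset: A samples 2, B releases first, A's first
 * compare-and-set fails and is retried against the fresh value 1. */
static int frees_cmpset(void)
{
    struct obj o; atomic_init(&o.refcnt, 2);
    unsigned a = atomic_load(&o.refcnt);
    int freed = release_cmpset(&o);            /* B: 2 -> 1 */
    while (!atomic_compare_exchange_strong(&o.refcnt, &a, a - 1))
        ;                                      /* A: retry, then 1 -> 0 */
    return freed + (a == 1);
}

int main(void) { printf("racy=%d cmpset=%d\n", frees_racy(), frees_cmpset()); return 0; }
```

In the racy schedule nobody frees the object and it leaks; with the compare-and-set loop exactly one caller frees it. C11's `atomic_fetch_sub` returns the previous value, so testing that return value against 1 is equally safe; the hazard is only in comparing a count that was read in a separate step.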
