Date: Sat, 2 Sep 2006 08:13:19 +0400 (MSD) From: Maxim Konovalov <maxim@macomnet.ru> To: Andre Oppermann <andre@freebsd.org> Cc: freebsd-net@freebsd.org, Randall Stewart <rrs@cisco.com> Subject: Re: Problem with uipc_mbuf.c Message-ID: <20060902081043.J32527@mp2.macomnet.net> In-Reply-To: <44F45A2A.8030405@freebsd.org> References: <44F35A65.3080605@cisco.com> <20060828224452.GK37035@funkthat.com> <44F45A2A.8030405@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 29 Aug 2006, 17:15+0200, Andre Oppermann wrote:
> John-Mark Gurney wrote:
> > Randall Stewart wrote this message on Mon, Aug 28, 2006 at 17:04 -0400:
> > > atomic_fetchadd_int(m->m_ext.ref_cnt, -1) == 0) {
> > ^
> >
> > This should be 1 not 0.. as apparently fetchadd_int returns the
> > old value (at least that's what atomic(9) says), which means that
> > if we ever race on this comparision, we won't free though we
> > should of...
> >
> > if we look at refcount.h, it does:
> > return (atomic_fetchadd_int(count, -1) == 1);
> >
> > which release a reference and apparently returns true if it needs to
> > be free'd...
> >
> > Though the wierd part is that andre, "fixed" it to be 0 in 1.157:
> > Fix a logic error introduced with mandatory mbuf cluster
> > refcounting and freeing of mbufs+clusters back to the packet zone.
>
> Honestly I'm a bit confused myself now and have to dig up things from
> when I did the change. However I'm certain there was a problem and the
> commit fixed it in some way (not necessarily the correct way). Before
> the 'fix' there were some larger leaks going on.
So what's the conclusion? Perhaps it's worth to add an XXX comment in
meantime.
--
Maxim Konovalov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060902081043.J32527>