Searched hist:130289 (Results 1 - 1 of 1) sorted by relevance

/freebsd-11-stable/sys/kern/
H A Duipc_mbuf.cdiff 130289 Wed Jun 09 22:04:27 MDT 2004 bmilekic Plug a race where upon free this scenario could occur:

(time grows downward)
thread 1 thread 2
------------|------------
dec ref_cnt |
| dec ref_cnt <-- ref_cnt now zero
cmpset |
free all |
return |
|
alloc again,|
reuse prev |
ref_cnt |
| cmpset, read
| already freed
| ref_cnt
------------|------------

This should fix that by performing only a single
atomic test-and-set that will serve to decrement
the ref_cnt, only if it hasn't changed since the
earlier read, otherwise it'll loop and re-read.
This forces ordering of decrements so that truly
the thread which did the LAST decrement is the
one that frees.

This is how atomic-instruction-based refcnting
should probably be handled.

Submitted by: Julian Elischer

Completed in 90 milliseconds