Problem with uipc_mbuf.c

Andre Oppermann andre at freebsd.org
Sat Sep 2 00:53:15 PDT 2006


Maxim Konovalov wrote:
> On Tue, 29 Aug 2006, 17:15+0200, Andre Oppermann wrote:
>> John-Mark Gurney wrote:
>>> Randall Stewart wrote this message on Mon, Aug 28, 2006 at 17:04 -0400:
>>>>      atomic_fetchadd_int(m->m_ext.ref_cnt, -1) == 0) {
>>>         ^
>>>
>>> This should be 1 not 0.. as apparently fetchadd_int returns the
>>> old value (at least that's what atomic(9) says), which means that
>>> if we ever race on this comparison, we won't free though we
>>> should have...
>>>
>>> if we look at refcount.h, it does:
>>>         return (atomic_fetchadd_int(count, -1) == 1);
>>>
>>> which releases a reference and apparently returns true if it needs to
>>> be free'd...
>>>
>>> Though the weird part is that andre, "fixed" it to be 0 in 1.157:
>>> Fix a logic error introduced with mandatory mbuf cluster
>>> refcounting and freeing of mbufs+clusters back to the packet zone.
>> Honestly I'm a bit confused myself now and have to dig up things from
>> when I did the change.  However I'm certain there was a problem and the
>> commit fixed it in some way (not necessarily the correct way).  Before
>> the 'fix' there were some larger leaks going on.
> 
> So what's the conclusion?  Perhaps it's worth adding an XXX comment in
> the meantime.

Please give me until Thursday to resolve this issue.

-- 
Andre
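The release check the thread is arguing about, as an added example (not code from this thread or from FreeBSD): a stand-in ext_buf whose counter is dropped with C11 atomic_fetch_sub(), which, like atomic_fetchadd_int(9), returns the value before the decrement, so the two comparisons can be run side by side. The struct and function names are assumptions.

```c
/* Added example, not FreeBSD code: models the release check discussed above.
 * atomic_fetch_sub() returns the value BEFORE the subtraction, as
 * atomic_fetchadd_int(9) does, so the last holder observes 1, never 0. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical stand-in for an mbuf external buffer with a shared refcount. */
struct ext_buf {
    atomic_uint ref_cnt;   /* shared counter, as m_ext.ref_cnt points to */
    bool freed;            /* set when the storage would be returned */
};

static struct ext_buf *ext_alloc(unsigned refs)
{
    struct ext_buf *b = calloc(1, sizeof(*b));
    if (b != NULL)
        atomic_init(&b->ref_cnt, refs);
    return b;
}

/* Returns the pre-decrement count, mirroring atomic_fetchadd_int(p, -1). */
static unsigned fetchsub_ref(struct ext_buf *b)
{
    return atomic_fetch_sub(&b->ref_cnt, 1);
}

/* The check as posted: compares the OLD value with 0.  Dropping the last
 * reference returns 1, so the buffer is never freed (a leak); it would only
 * "free" on an extra, erroneous release after the count already hit 0. */
static bool ext_release_buggy(struct ext_buf *b)
{
    if (fetchsub_ref(b) == 0) {
        b->freed = true;
        return true;
    }
    return false;
}

/* The refcount(9) form: old value == 1 means we held the last reference. */
static bool ext_release_fixed(struct ext_buf *b)
{
    if (fetchsub_ref(b) == 1) {
        b->freed = true;
        return true;
    }
    return false;
}
```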