Race condition in mb_free_ext()?
Robert Watson
rwatson at FreeBSD.org
Tue Mar 1 12:01:47 GMT 2005
On Mon, 28 Feb 2005, Doug White wrote:
> Forgive me for being naieve, but is there a reason you don't do an
> atomic subtraction on the refcount? I can see why it repeats -- if two
> things are warring over the refcount one or the other keep trying until
> one wins -- but the subtraction would seem more intuitive.
I'm not all that familiar with this code, but my guess is that he uses the
cmpset so that he guarantees the value of 'cnt' is fresh with respect to
the decrement -- i.e., only one caller to mb_free_ext() will end up with a
'cnt' of 1 and perform the GC. If you re-read it, there may be a race.
Robert N M Watson
More information about the freebsd-sparc64
mailing list