From owner-freebsd-hackers@FreeBSD.ORG Wed May 30 01:09:04 2012 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 13810106564A; Wed, 30 May 2012 01:09:04 +0000 (UTC) (envelope-from vasanth.raonaik@gmail.com) Received: from mail-we0-f182.google.com (mail-we0-f182.google.com [74.125.82.182]) by mx1.freebsd.org (Postfix) with ESMTP id 5F3E48FC08; Wed, 30 May 2012 01:09:03 +0000 (UTC) Received: by werg1 with SMTP id g1so3910784wer.13 for ; Tue, 29 May 2012 18:09:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=k7thmdx28FrfsxVYR1ICXhljQQGXeqG0P+C/rjKvQ7I=; b=Y7aaq09p6wg6KgNc8Fp1MLwsh2IXvLtPTeEaUVw/mHgDFB/ZyHjiA1CwIFZd5L4yog HcSM9lKGnCDJzTLK+9fsqDBQEfm95IghnVdnUxkaJtBTqSAVUee129ZqDdsGw5m/znK7 m7PZWXW4TpLS6DxwW/dTsKmR3/ptQNZvAKuh30DKUWfGBUMZUQq4GoGf0b8Xcynp7TzD p1gdDH1EiN78f77oHYi8mDqml20Uu++1HG9rmzh94sBlX0Orvl6knRwQq2Gq455mddiO N1xCXju7dp6wmDXDW9PEOvVWohmZFjn4DMidnEi0NNxgj7aEKY9X5soNsvjjOwl3mHcU XZzg== MIME-Version: 1.0 Received: by 10.216.208.151 with SMTP id q23mr9095849weo.20.1338340141948; Tue, 29 May 2012 18:09:01 -0700 (PDT) Received: by 10.180.146.37 with HTTP; Tue, 29 May 2012 18:09:01 -0700 (PDT) In-Reply-To: References: Date: Tue, 29 May 2012 21:09:01 -0400 Message-ID: From: vasanth rao naik sabavat To: "Robert N. M. Watson" Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: "freebsd-hackers@freebsd.org" Subject: Re: SMP: protocol control block protection for a multithreaded process (ex: udp). X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 May 2012 01:09:04 -0000 Hi Robert, I am trying to understand the socket <--> protocol layer as part of our project. I was trying to understand why the sotoinpcb() is called before taking any locks. Also, I am trying to understand scenario of a multi-threaded process trying to do socket operations simultaneously on a multicore cpu. I have gone through the socket life cycle comments in the code and gave good understanding of the socket life cycle. Thank you for the reference. Thanks, Vasanth On Tue, May 29, 2012 at 7:14 PM, Robert N. M. Watson wrote: > On 29 May 2012, at 18:06, vasanth rao naik sabavat < > vasanth.raonaik@gmail.com> wrote: > > My main concern is about the protocol control block "inp", a reference in > the socket structure. the udp_detach() free'es the inp but there is a > potential for other thread running udp_* functions to get hold of the > reference? Also, sofree() calls SOCK_UNLOCK() which potentially may allow > other thread of the same process to enter into the udp_* functions? I am > not sure if that is ever possible. > > > Hi Vasanth: > > Are you chasing a bug, or is this a more intellectual exercise in > understanding the stack? The scenario you are describing should be > prevented by the socket-layer reference model and so should not occur > unless a bug is manifesting. I am happy to answer questions about the > model, but if you are running into problems it might be easier if I gave > more directed advice about how to track problem. > > When a socket system call takes place on a UDP socket, several data > structures are involved, each with its own life cycle and reference model. > Most of the time, calls like send() use a per-system call counted reference > to the file descriptor to ensure valid access down the stack through the > socket and inpcb code -- this works because the file descriptor owns a > reference to the socket, and the socket owns a reference to the inpcb. > udp_detach is called only when the reference count on the socket reaches > zero, so the references down the stack held by invoking threads should > prevent udp_detach from being invoked while they are running. The right way > to view stability here is via the reference model, not the locking model: > locks come and go as data is processed and packets move around, but it is > the reference counts that prevent freeing of the sockt and hence inpcb. The > perspective is slightly different looking "up" from the input side, where > we sometimes do use locks to ensure stability, but that is rarely the case > in the down path. In UDP, unlike with TCP, socket close can only be > initiated from the down path, not the up path. > > If you haven't already read the large comment at the top of uipc_socket.c > on the socket life cycle, it would be a good idea to do so, as it lays out > some of the principles at play here. > > Robert > > Thanks, > Vasanth > > > > > > > > > > > > > > > > > > > > On Tue, May 29, 2012 at 5:06 PM, Robert Watson wrote: > >> >> On Tue, 29 May 2012, vasanth rao naik sabavat wrote: >> >> Can somebody please reply to this email. >>> >>> basically, can udp_detach() and udp_send() execute simultaneously for a >>> process with multiple threads? if yes, then inp reference in udp_send() >>> will be stale if udp_detach() free's the inp? >>> >> >> You are confusing application-level close() with an actual close in the >> socket implementation. The socket will remain allocated as long as there >> are consumers using it, which is ensured through a reference count on the >> socket, regardless of close(). That isn't to say that there aren't bugs -- >> this stuff is pretty complex -- but the life cycle and synchronisation >> models around sockets should prevent the scenario you are describing from >> occurring. >> >> Robert >> >> >>> Thanks, >>> Vasanth >>> >>> >>> >>> On Tue, May 29, 2012 at 10:53 AM, vasanth rao naik sabavat < >>> vasanth.raonaik@gmail.com> wrote: >>> >>> Hi, >>>> >>>> In case of a Multicore cpu system running a multithreaded process. >>>> >>>> For protocol control blocks there is no protection provided in the >>>> FreeBSD >>>> 9. For example, udp_close() and udp_send() access the inp before taking >>>> the >>>> lock. Couldn't this cause the inp inconsistency on a multithreaded >>>> process >>>> running on multicore cpu system? >>>> >>>> Say, If the two threads of a process are concurrently executing socket >>>> send and socket close say on a udp connection (this can happen in case >>>> of >>>> poorly written user code.). >>>> udp_close() will access the inp on one cpu and udp_send() will access >>>> the >>>> inp on another cpu. it is possible that udp_close() gets the locks first >>>> and free's the inp before udp_send() has a chance to run? >>>> >>>> Am I missing anything? >>>> >>>> Thanks, >>>> Vasanth >>>> >>>> >>>> >>>> >>>> >>>> ______________________________**_________________ >>> freebsd-hackers@freebsd.org mailing list >>> http://lists.freebsd.org/**mailman/listinfo/freebsd-**hackers >>> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@** >>> freebsd.org " >>> >>> >