Date: Wed, 9 Jun 2004 19:45:03 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: Bosko Milekic <bmilekic@FreeBSD.org> Cc: "M. Warner Losh" <imp@bsdimp.com> Subject: Re: cvs commit: src/sys/kern kern_proc.c Message-ID: <20040609174503.GU12007@darkness.comp.waw.pl> In-Reply-To: <20040609163937.GA26656@freefall.freebsd.org> References: <20040609163937.GA26656@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--zmbF4WfaG2f6E7cU
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Jun 09, 2004 at 04:39:37PM +0000, Bosko Milekic wrote:
+>=20
+> Nate Lawson wrote:
+> >Bosko wrote:
+> >> MEXT_REM_REF(m); /* Atomic decrement of m->m_ext.ref_cnt */
+> >> if (atomic_cmpset_int(m->m_ext.ref_cnt, 0, 1)) {
+> >> /* Do the free here... */
+> >> }
+> >> return;
+> >
+> >This may have a race unless the refcount increment path is done correct=
ly:
+> >
+> >1:atomic_int--
+> >1:atomic_cmpset_int =3D=3D 0 (yes, get ready to free it)
+> >
+> >2:atomic_cmpset_int =3D=3D 0 (yes, object was in process of teardown)
+> >2:create new object, refcount =3D 1
+> >
+> >This assumes it's ok to have two objects of the same type in existence =
at
+> >the same time also (one being torn down while the other is created). C=
ode
+> >that accesses an object must make sure it's locked separately.
+> >
+> >-Nate
+>=20
+> No, that's not true. The scenario you describe cannot occur. The code
+> I posted prevents you from racing on teardown, so that you never have
+> two threads tearing down the same object. This is because the first
+> one to get to the cmpset will see the refcount to be zero and set it
+> up to 1 (atomically), so that the second thread will see it at 1 and
+> not do the destruction/free as well.
+>=20
+> There is no race on the reference going back up once it's hit zero
+> because that would imply that we (who have sent it to zero) are now
+> somehow magically making it gain a reference.
+>=20
+> Think about it, there is no race above.
But isn't you reference counting mechanism limited to only 0 and 1
values?
--=20
Pawel Jakub Dawidek http://www.FreeBSD.org
pjd@FreeBSD.org http://garage.freebsd.pl
FreeBSD committer Am I Evil? Yes, I Am!
--zmbF4WfaG2f6E7cU
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQFAx0yfForvXbEpPzQRAnE0AKC8YGdmef/qdTHQAlLphY6M1fCN3gCgt2Q2
8BoAta7MIqoT+QkJgxV1ROc=
=qnJG
-----END PGP SIGNATURE-----
--zmbF4WfaG2f6E7cU--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040609174503.GU12007>