From owner-freebsd-net@FreeBSD.ORG Tue Aug 29 12:46:30 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2B64016A4DF; Tue, 29 Aug 2006 12:46:30 +0000 (UTC) (envelope-from rrs@cisco.com) Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7430E43D49; Tue, 29 Aug 2006 12:46:29 +0000 (GMT) (envelope-from rrs@cisco.com) Received: from sj-dkim-3.cisco.com ([171.71.179.195]) by sj-iport-6.cisco.com with ESMTP; 29 Aug 2006 05:46:29 -0700 Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-3.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k7TCkTQt019799; Tue, 29 Aug 2006 05:46:29 -0700 Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id k7TCkT1E025515; Tue, 29 Aug 2006 05:46:29 -0700 (PDT) Received: from xfe-sjc-212.amer.cisco.com ([171.70.151.187]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Tue, 29 Aug 2006 05:46:28 -0700 Received: from [127.0.0.1] ([171.68.225.134]) by xfe-sjc-212.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 29 Aug 2006 05:46:28 -0700 Message-ID: <44F436FD.6020506@cisco.com> Date: Tue, 29 Aug 2006 08:45:49 -0400 From: Randall Stewart User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.12) Gecko/20060223 X-Accept-Language: en-us, en MIME-Version: 1.0 To: John-Mark Gurney References: <44F35A65.3080605@cisco.com> <20060828224452.GK37035@funkthat.com> In-Reply-To: <20060828224452.GK37035@funkthat.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 29 Aug 2006 12:46:28.0754 (UTC) FILETIME=[257C3720:01C6CB69] DKIM-Signature: a=rsa-sha1; q=dns; l=2013; t=1156855589; x=1157719589; c=relaxed/simple; s=sjdkim3002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=rrs@cisco.com; z=From:Randall=20Stewart=20 |Subject:Re=3A=20Problem=20with=20uipc_mbuf.c; X=v=3Dcisco.com=3B=20h=3DGX4otkzfuvQkPAK8JGkm7Q3VVZc=3D; b=cF3ANyVKEpIY9camDWFItw0Fh34LGbS75qkapYCgF3rZWr8cEwK9PT+n/wH4DEpDdTG6He24 PumN3/7HRTvLXh9Ec7JSdeKPmKwBIdfWSiZa9Tak4SExEteh/7YTa/LZ; Authentication-Results: sj-dkim-3.cisco.com; header.From=rrs@cisco.com; dkim=pass ( sig from cisco.com verified; ); Cc: freebsd-net@freebsd.org, andre@freebsd.org Subject: Re: Problem with uipc_mbuf.c X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Aug 2006 12:46:30 -0000 John-Mark: I had read that in the atomic_fetchadd_int() comments.. and was wondering if that was the case.. I don't have an X86 assembler reference.. so I did not bother to see if the asm and comments were in sync... you are right if this is true.. and I can surely make SCTP have this occur.. note that I can minimize how often it hits this .. I had an optimziation where I would steal the last mbuf if no other chunk is being pulled and used as data.. otherwise do a mcopy()... which is then later freed... The optimzation had a bug.. it mis-calculated and NEVER stole the last mbuf.. which meant we were ALWAYS heading for this race condition on an SMP box.. Since I have fixed the optimzation bug.. I see it much less now.. but a simple un-fix of it can quickly test any change.. Let me go change the code to test for 1 (as you suggest) and then un-fix my optimzation.. and see if it fixes the bug.. R John-Mark Gurney wrote: > Randall Stewart wrote this message on Mon, Aug 28, 2006 at 17:04 -0400: > >> atomic_fetchadd_int(m->m_ext.ref_cnt, -1) == 0) { > > ^ > > This should be 1 not 0.. as apparently fetchadd_int returns the old value > (at least that's what atomic(9) says), which means that if we ever race > on this comparision, we won't free though we should of... > > if we look at refcount.h, it does: > return (atomic_fetchadd_int(count, -1) == 1); > > which release a reference and apparently returns true if it needs to > be free'd... > > Though the wierd part is that andre, "fixed" it to be 0 in 1.157: > Fix a logic error introduced with mandatory mbuf cluster refcounting and > freeing of mbufs+clusters back to the packet zone. > > >>I am thinking about restoring the old code.. since >>it appears to work... >> >>Any comments or help would be appreciated.. > > > Lets see what andre has to say about this. > -- Randall Stewart NSSTG - Cisco Systems Inc. 803-345-0369 815-342-5222 (cell)