Date: Tue, 1 Mar 2005 11:59:49 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: Doug White <dwhite@gumbysoft.com> Cc: Kris Kennaway <kris@obsecurity.org> Subject: Re: Race condition in mb_free_ext()? Message-ID: <Pine.NEB.3.96L.1050301115818.31509A-100000@fledge.watson.org> In-Reply-To: <20050228214850.X62607@carver.gumbysoft.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 28 Feb 2005, Doug White wrote: > Forgive me for being naieve, but is there a reason you don't do an > atomic subtraction on the refcount? I can see why it repeats -- if two > things are warring over the refcount one or the other keep trying until > one wins -- but the subtraction would seem more intuitive. I'm not all that familiar with this code, but my guess is that he uses the cmpset so that he guarantees the value of 'cnt' is fresh with respect to the decrement -- i.e., only one caller to mb_free_ext() will end up with a 'cnt' of 1 and perform the GC. If you re-read it, there may be a race. Robert N M Watson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1050301115818.31509A-100000>