From owner-freebsd-net@FreeBSD.ORG  Sat Sep  2 04:13:25 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CF67916A4DD;
	Sat,  2 Sep 2006 04:13:25 +0000 (UTC)
	(envelope-from maxim@macomnet.ru)
Received: from mp2.macomnet.net (mp2.macomnet.net [195.128.64.6])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1AD5643D49;
	Sat,  2 Sep 2006 04:13:24 +0000 (GMT)
	(envelope-from maxim@macomnet.ru)
Received: from localhost (localhost.int.ru [127.0.0.1] (may be forged))
	by mp2.macomnet.net (8.13.7/8.13.3) with ESMTP id k824DJku035102;
	Sat, 2 Sep 2006 08:13:20 +0400 (MSD)
	(envelope-from maxim@macomnet.ru)
Date: Sat, 2 Sep 2006 08:13:19 +0400 (MSD)
From: Maxim Konovalov <maxim@macomnet.ru>
To: Andre Oppermann <andre@freebsd.org>
In-Reply-To: <44F45A2A.8030405@freebsd.org>
Message-ID: <20060902081043.J32527@mp2.macomnet.net>
References: <44F35A65.3080605@cisco.com> <20060828224452.GK37035@funkthat.com>
	<44F45A2A.8030405@freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: freebsd-net@freebsd.org, Randall Stewart <rrs@cisco.com>
Subject: Re: Problem with uipc_mbuf.c
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Sep 2006 04:13:25 -0000

On Tue, 29 Aug 2006, 17:15+0200, Andre Oppermann wrote:
> John-Mark Gurney wrote:
> > Randall Stewart wrote this message on Mon, Aug 28, 2006 at 17:04 -0400:
> > >      atomic_fetchadd_int(m->m_ext.ref_cnt, -1) == 0) {
> >         ^
> >
> > This should be 1 not 0.. as apparently fetchadd_int returns the
> > old value (at least that's what atomic(9) says), which means that
> > if we ever race on this comparision, we won't free though we
> > should of...
> >
> > if we look at refcount.h, it does:
> >         return (atomic_fetchadd_int(count, -1) == 1);
> >
> > which release a reference and apparently returns true if it needs to
> > be free'd...
> >
> > Though the wierd part is that andre, "fixed" it to be 0 in 1.157:
> > Fix a logic error introduced with mandatory mbuf cluster
> > refcounting and freeing of mbufs+clusters back to the packet zone.
>
> Honestly I'm a bit confused myself now and have to dig up things from
> when I did the change.  However I'm certain there was a problem and the
> commit fixed it in some way (not necessarily the correct way).  Before
> the 'fix' there were some larger leaks going on.

So what's the conclusion?  Perhaps it's worth to add an XXX comment in
meantime.

-- 
Maxim Konovalov