Date: Fri, 28 Feb 2014 00:17:38 +0100 From: Mateusz Guzik <mjguzik@gmail.com> To: John Baldwin <jhb@freebsd.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Mateusz Guzik <mjg@freebsd.org> Subject: Re: svn commit: r262309 - head/sys/kern Message-ID: <20140227231738.GA24050@dft-labs.eu> In-Reply-To: <201402270906.31359.jhb@freebsd.org> References: <201402212229.s1LMT9BF093587@svn.freebsd.org> <201402261529.31942.jhb@freebsd.org> <20140226212200.GB329@dft-labs.eu> <201402270906.31359.jhb@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Feb 27, 2014 at 09:06:31AM -0500, John Baldwin wrote: > On Wednesday, February 26, 2014 4:22:00 pm Mateusz Guzik wrote: > > On Wed, Feb 26, 2014 at 03:29:31PM -0500, John Baldwin wrote: > > > On Wednesday, February 26, 2014 2:23:48 pm Mateusz Guzik wrote: > > > > Other thing is that with that change in place we can get rid of > > > > XLOCK/XUNLOCK around fdfree in fdescfree. > > > > > > I would rather remove the fd_refcnt checks, or do them differently (not > > > in the loop). Right now a reader might be confused to think that > > > fd_refcnt can change within the loop when it cannot and then worry about > > > unhandled races that don't exist (i.e. if fd_refcnt can change within > > > the loop, what prevents the individual file objects from being freed out > > > from under the loop?) > > > > > > > But it can change. > > > > kern_proc_filedesc_out calls export_fd_to_sb which drops the lock for > > each fp and sysctl_kern_proc_ofiledesc drops the lock when dealing with > > vnodes. > > > > As far as I can say all this is safe - either data is refed (vref on a > > vnode) or the lock is still held while the data is being read, so by the > > time fp can be freed it is no longer used. > > Ugh, ok. Then the change is fine as-is, but I think we have to leave > the locking in place around fdfree() still as a result. > I don't see why. refcnt cannot drop as long as something holds fdp lock. 1) So let's say kern_proc_filedesc_out grabs the lock, refcnt is 0. No files are inspected and the loop is terminated. 2) So let's say refcnt is 1 and fp is being read. Lock is released only when the function is done with fp. Then fdescfree drops refcnt to 0 and proceeds to free fps. And we are back to 1). IOW I don't think locking around fdfree is of any use right now, although I don't feel strongly about removing it. -- Mateusz Guzik <mjguzik gmail.com>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140227231738.GA24050>