this is YET ANOTHER case for the Atomic reference counting ABI that jhb has been talking about...
On Mon, 3 Jun 2002, Archie Cobbs wrote: > This is a question about M_EXT mbuf reference counts in FreeBSD-stable. > > There are several instances in kern/uipc_mbuf.c that add a reference > to an M_EXT mbuf by either incrementing the entry in the mclrefcnt[] > array or invoking the "custom" ext_ref routine. > > However, it seems that these instances are all broken because they > don't wrap these operations within splimp()... > > Isn't the following C statement *not* atomic? > > mclrefcnt[mtocl(m->m_ext.ext_buf)]++; > > And isn't access to mclrefcnt[] supposed to be protected by splimp()? > Note: MCLFREE() *does* set splimp() before decrementing M_EXT ref counts. > > Therefore, isn't there a race condition wrt. the M_EXT reference counts? > > The functions which fail to set splimp() before adding a reference are: > > m_copym() > m_copypacket() > m_split() > > Thanks for any comments/clarification on this subject.. > > -Archie > > __________________________________________________________________________ > Archie Cobbs * Packet Design * http://www.packetdesign.com > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-net" in the body of the message > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
