[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: refcounts assertion
From: |
Samuel Thibault |
Subject: |
Re: refcounts assertion |
Date: |
Mon, 7 Mar 2016 12:52:23 +0100 |
User-agent: |
Mutt/1.5.21+34 (58baf7c9f32f) (2010-12-30) |
Justus Winter, on Mon 07 Mar 2016 11:40:26 +0100, wrote:
> I have a patch that revamps it so that we avoid the copying.
How would it look like? Does that mean that the fun would be called
with the htable lock held?
> The thing with the patch is (iirc) that it requires the called
> function to be idempotent, which afaics every function used with the
> _ports_bucket_class_iterate were.
That's however quite a difference in what interface we provide. I
wonder whether we will not need more at some point.
> > Just using refcounts_unsafe_ref is most probably not a solution since
> > the node is on its way out, the function called by the iterator will
> > most probably get it all wrong on a node being destroyed.
> >
> > Another way would be as attached: just skip nodes which didn't have any
> > reference. I however don't know libports enough to say whether that's
> > correct behavior for libports or not:
>
> That looks like a brown-paper fix that could easily use-after-free.
No: either another thread got 0,0, and this thread gets 1,0 and does
nothing (and since it holds _ports_htable_lock, the pi is not freed
yet since that other thread can not have gotten up to the end of
_ports_complete_deallocate).
Or other threads get !=0,0, and this thread gets !=1,0, adds a
reference, and from there no other thread can get 0,0 so it's safe.
Samuel