[openib-general] Re: [PATCH] cm refcount race fix
Roland Dreier
rdreier at cisco.com
Mon May 8 17:51:01 PDT 2006
Sean> The cost of using a spinlock around an integer is that we
Sean> end up serializing everything with the larger lock. With
Sean> the CM, sometimes the global CM lock is being held when
Sean> refcount is incremented, but there are places where only a
Sean> lock on the cm_id is held. And unless the id is being
Sean> destroyed, there's no need to acquire the lock.
Well, you can pick whatever fine-grained lock you want to protect the
reference count with. atomic_dec_and_lock() doesn't really help with
this, since you still need a spinlock. (And if you look at the
implementation of atomic_dec_and_lock(), you can see that it takes the
spinlock every time)
Sean> Using an actual mutex gets ugly since it's held for a long
Sean> time, and ends up needing to be released in destroy(). And
Sean> I don't see that there's an event abstraction that would
Sean> work.
If you wanted to implement this, you would have to use a completion.
A mutex can't be used because it must be released in process context
with interrupts enabled. And a semaphore can't be used because
there's an implicit use-after-free with semaphores (basically up()
touches the semaphore memory after it calls wake_up()).
- R.
More information about the general
mailing list