mirror of
https://github.com/freebsd/freebsd-src
synced 2024-09-23 10:14:55 +00:00
atomic_fetchadd_int is used by mb_free_ext(), but it
returns the previous value that the "add" effected (In this case we are adding -1), afterwhich we compare it to '0'... to see if we free the mbuf... we should be comparing it to '1'... Note that this only effects when there is contention since there is a first part to the comparison that checks to see if its '1'. So this bug would only crop up if two CPU's are trying to free the same mbuf refcount at the same time. This will happen in SCTP but I doubt can happen in TCP or UDP. PR: N/A Submitted by: rrs Reviewed by: gnn,sam Approved by: gnn,sam
This commit is contained in:
parent
f981f1923b
commit
adf5d1c6d0
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=162515
|
@ -215,7 +215,7 @@ mb_free_ext(struct mbuf *m)
|
|||
|
||||
/* Free attached storage if this mbuf is the only reference to it. */
|
||||
if (*(m->m_ext.ref_cnt) == 1 ||
|
||||
atomic_fetchadd_int(m->m_ext.ref_cnt, -1) == 0) {
|
||||
atomic_fetchadd_int(m->m_ext.ref_cnt, -1) == 1) {
|
||||
switch (m->m_ext.ext_type) {
|
||||
case EXT_PACKET: /* The packet zone is special. */
|
||||
if (*(m->m_ext.ref_cnt) == 0)
|
||||
|
|
Loading…
Reference in a new issue