[Note: My former email address is going away eventually. I am moving the
conversation to my other email address which is a bit more permanent.]
On Mon, 2017-09-04 at 15:27 +0100, Radu Nicolau wrote:
>
> On 8/7/2017 5:11 PM, Charles (Chas) Williams wrote:
> > After commit 8f094a9ac5d7 ("mbuf: set mbuf fields while in pool") is it
> > much harder to detect a "double free". If the developer makes a copy
> > of an mbuf pointer and frees it twice, this condition is never detected
> > and the mbuf gets returned to the pool twice.
> >
> > Since this requires extra work to track, make this behavior conditional
> > on CONFIG_RTE_LIBRTE_MBUF_DEBUG.
> >
> > Signed-off-by: Chas Williams <ciwil...@brocade.com>
> > ---
> >
> > @@ -1304,10 +1329,13 @@ rte_pktmbuf_prefree_seg(struct rte_mbuf *m)
> > m->next = NULL;
> > m->nb_segs = 1;
> > }
> > +#ifdef RTE_LIBRTE_MBUF_DEBUG
> > + rte_mbuf_refcnt_set(m, RTE_MBUF_UNUSED_CNT);
> > +#endif
> >
> > return m;
> >
> > - } else if (rte_atomic16_add_return(&m->refcnt_atomic, -1) == 0) {
> > + } else if (rte_mbuf_refcnt_update(m, -1) == 0) {
> Why replace the use of atomic operation?
It doesn't. rte_mbuf_refcnt_update() is also atomic(ish) but it slightly more
optimal. This whole section is a little hazy actually. It looks like
rte_pktmbuf_prefree_seg() unwraps rte_mbuf_refcnt_update() so they can avoid
setting the refcnt when the refcnt is already the 'correct' value.
> >
> >
> > if (RTE_MBUF_INDIRECT(m))
> > @@ -1317,7 +1345,7 @@ rte_pktmbuf_prefree_seg(struct rte_mbuf *m)
> > m->next = NULL;
> > m->nb_segs = 1;
> > }
> > - rte_mbuf_refcnt_set(m, 1);
> > + rte_mbuf_refcnt_set(m, RTE_MBUF_UNUSED_CNT);
> >
> > return m;
> > }
> Reviewed-by: Radu Nicolau <radu.nico...@intel.com>
Thanks for the review.
