Unreliable Guide to Locking - Addition?

Unreliable Guide to Locking - Addition?

[Kedar Sovani]

Hi Rusty,

          I was going through the splendidly written document,
"Unreliable Guide to Locking". I thought of something that should be
mentioned in the section "Using Atomic Operations For The Reference
Count" (link : http://www.kernel.org/pub/linux/kernel/people/rusty/kernel-locking/x352.html#EXAMPLES-REFCNT-ATOMIC)

I guess, probably the section should also mention that 
"
There is one race condition while using atomic_t, which is as follows :

* The refcount of the object is "1".

* Process A tries to perform atomic_dec_and_test(), gets "0" and hence
performs a kfree() on the object.

* Process B tries to perform atomic_inc() on the object.

* It may so happen that the atomic_inc() of Process B is called after
atomic_dec_and_test(), but before the kfree() call, which is a race
condition.

Usually, this race condition is avoided as:
    when the last atomic_dec_and_test() (the last == the one which
returns 0) is being called on the object, the object is usually not
accessible to others (list_del()) and hence the  simultaneous
atomic_inc() call never occurs.
"

Do you think this race condition should be included in the document?

Thanks,
Kedar.

Re: Unreliable Guide to Locking - Addition?

[Rusty Russell]

On Mon, 2005-08-08 at 18:41 +0530, Kedar Sovani wrote:
>     when the last atomic_dec_and_test() (the last == the one which
> returns 0) is being called on the object, the object is usually not
> accessible to others (list_del()) and hence the  simultaneous
> atomic_inc() call never occurs.

Yes, a reference count must count references.  Of course, you can get
around with with "atomic_dec_and_lock", but I hate that primitive as it
has scalability issues (it can't be translated to RCU).

I'll look and see if I can make this requirement explicit.

Thanks!
Rusty.
-- 
A bad analogy is like a leaky screwdriver -- Richard Braakman