----- Original Message -----
> From: "Keir Fraser" <[email protected]>
> To: "Mathieu Desnoyers" <[email protected]>
> Cc: [email protected], "Paul E. McKenney" <[email protected]>
> Sent: Friday, April 18, 2014 1:42:50 PM
> Subject: Re: [lttng-dev] [PATCH liburcu] Fix pthread_atfork() behaviour
> [...]
>
> Worse, while reading the rcu_barrier() code I found a more subtle bug.
> rcu_barrier() can return as soon as completion.barrier_count==0, which
> frees the completion struct along with the rest of its stack frame. But
> its call_rcu callbacks may yet try to read and write completion.futex
> via the wake_up function.

Good catch! I think I've fixed this kind of problematic pattern elsewhere already, but clearly rcu_barrier() slipped through.

> The completion struct should be calloc()ed, reference-counted, and freed
> by the thread that decs the count to 0, imo. I will be cooking up a
> patch to do just that.

Yes, this should be a clean way to fix it.

> There are other places in liburcu which protect a futex variable from
> premature freeing by the waiter polling a teardown flag, but I think
> refcounting is nicer :)

Makes sense to me,

Thanks!

Mathieu

--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com

_______________________________________________
lttng-dev mailing list
[email protected]
http://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev
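The refcounting scheme discussed above, as an added single-threaded model that is not part of the thread and not liburcu's rcu_barrier() code; the struct and function names are hypothetical, and the counters frees and wake_while_live exist only so a test can observe that the struct is freed exactly once and that every wake_up() still runs on a live struct.

```c
#include <stdatomic.h>
#include <stdlib.h>
/* Hypothetical refcounted completion (added example, not liburcu code). */
struct completion {
    atomic_int barrier_count; /* callbacks that have not yet signalled */
    atomic_int refcount;      /* one per pending callback, plus one for the waiter */
    int futex;                /* stands in for the futex word the waiter sleeps on */
};
static int frees, wake_while_live; /* instrumentation so a test can observe outcomes */
static struct completion *completion_new(int ncallbacks)
{
    struct completion *c = calloc(1, sizeof(*c)); /* heap, not the waiter's stack */
    if (!c) abort();
    atomic_init(&c->barrier_count, ncallbacks);
    atomic_init(&c->refcount, ncallbacks + 1);
    return c;
}
/* Whoever drops the last reference frees, whether waiter or callback. */
static void completion_put(struct completion *c) { if (atomic_fetch_sub(&c->refcount, 1) == 1) { frees++; free(c); } }
/* The callback's wake path touches c->futex, so c must still be alive here. */
static void wake_up(struct completion *c)
{
    if (atomic_load(&c->refcount) > 0) wake_while_live++;
    c->futex = 1; /* real code would futex_wake() on &c->futex */
}
/* Waiter side of rcu_barrier(): leaves once barrier_count == 0, but only drops
   its own reference rather than letting the struct go out of scope. */
static void waiter_release(struct completion *c)
{
    while (atomic_load(&c->barrier_count) != 0) { } /* real code: futex_wait() */
    completion_put(c);
}
/* Model of the race above: the last callback has decremented barrier_count, the
   waiter leaves, then the callback still writes the futex. Returns free() count. */
int run_barrier(int n)
{
    struct completion *c = completion_new(n);
    frees = 0; wake_while_live = 0;
    for (int i = 0; i < n - 1; i++) { /* callbacks that complete early */
        atomic_fetch_sub(&c->barrier_count, 1); wake_up(c); completion_put(c);
    }
    atomic_fetch_sub(&c->barrier_count, 1); /* last callback: count hits 0 */
    waiter_release(c);                      /* waiter leaves, refcount -> 1 */
    wake_up(c);                             /* safe: callback's ref keeps c alive */
    completion_put(c);                      /* last reference: freed here */
    return frees;
}
int wakes_seen_live(void) { return wake_while_live; }
```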
