Shouldn't the pr_nget and pr_nput mutations be made while the pool
mutex is still being held to prevent race conditions? The patch below
rearranges these slightly so all mutations are within the context of a
mutex.
I double checked that all other instrumentation is done while a mutex
is already held.
Index: kern/subr_pool.c
===================================================================
RCS file: /cvs/src/sys/kern/subr_pool.c,v
retrieving revision 1.91
diff -p -u kern/subr_pool.c
--- kern/subr_pool.c 16 Jan 2010 03:08:00 -0000 1.91
+++ kern/subr_pool.c 26 May 2010 17:06:59 -0000
@@ -455,6 +455,8 @@ pool_get(struct pool *pp, int flags)
mtx_enter(&pp->pr_mtx);
v = pool_do_get(pp, flags);
+ if (v != NULL)
+ pp->pr_nget++;
mtx_leave(&pp->pr_mtx);
if (v == NULL)
return (v);
@@ -464,6 +466,7 @@ pool_get(struct pool *pp, int flags)
panic("pool_get: PR_ZERO when ctor set");
if (pp->pr_ctor(pp->pr_arg, v, flags)) {
mtx_enter(&pp->pr_mtx);
+ pp->pr_nget--;
pool_do_put(pp, v);
mtx_leave(&pp->pr_mtx);
v = NULL;
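Review bot: The `pp->pr_nget--` added in the ctor-failure branch has no comment tying it to the `pp->pr_nget++` that the first hunk adds under the earlier lock hold, so a later edit to either site can unbalance the counter without anyone noticing. Between the two critical sections the mutex is dropped while the constructor runs, so anything that samples pr_nget under pr_mtx in that window sees a get counted for an item that may never reach the caller. That transient overcount looks acceptable for statistics, but it should be stated next to the rollback. I would add `/* ctor failed: undo the pr_nget++ taken above so nget counts only delivered items */` directly above the decrement. pool_get's body starts and ends outside this hunk.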
@@ -472,8 +475,6 @@ pool_get(struct pool *pp, int flags)
if (flags & PR_ZERO)
memset(v, 0, pp->pr_size);
}
- if (v != NULL)
- pp->pr_nget++;
return (v);
}
@@ -677,8 +678,8 @@ pool_put(struct pool *pp, void *v)
pp->pr_dtor(pp->pr_arg, v);
mtx_enter(&pp->pr_mtx);
pool_do_put(pp, v);
- mtx_leave(&pp->pr_mtx);
pp->pr_nput++;
+ mtx_leave(&pp->pr_mtx);
}
/*