Justus Winter, on Mon 07 Mar 2016 11:40:26 +0100, wrote: > I have a patch that revamps it so that we avoid the copying.
How would it look like? Does that mean that the fun would be called with the htable lock held? > The thing with the patch is (iirc) that it requires the called > function to be idempotent, which afaics every function used with the > _ports_bucket_class_iterate were. That's however quite a difference in what interface we provide. I wonder whether we will not need more at some point. > > Just using refcounts_unsafe_ref is most probably not a solution since > > the node is on its way out, the function called by the iterator will > > most probably get it all wrong on a node being destroyed. > > > > Another way would be as attached: just skip nodes which didn't have any > > reference. I however don't know libports enough to say whether that's > > correct behavior for libports or not: > > That looks like a brown-paper fix that could easily use-after-free. No: either another thread got 0,0, and this thread gets 1,0 and does nothing (and since it holds _ports_htable_lock, the pi is not freed yet since that other thread can not have gotten up to the end of _ports_complete_deallocate). Or other threads get !=0,0, and this thread gets !=1,0, adds a reference, and from there no other thread can get 0,0 so it's safe. Samuel
