Re: a question about socket-syscall, thinks

From: Robert Watson (rwatson_at_FreeBSD.org)
Date: 11/25/05

  • Next message: bart: "ifconfig description" 
    Date: Fri, 25 Nov 2005 12:20:13 +0000 (GMT)
To: Jon <comepu@gmail.com>

    On Fri, 25 Nov 2005, Jon wrote:

    > NET_LOCK_GIANT();
    > error = socreate(uap->domain, &so, uap->type, uap->protocol,
    > td->td_ucred, td);
    > NET_UNLOCK_GIANT();
    > if (error) {
    > fdclose(fdp, fp, fd, td);
    > } else {
    > FILEDESC_LOCK_FAST(fdp);
    > fp->f_data = so; /* already has ref count */
    > fp->f_flag = FREAD|FWRITE;
    > fp->f_ops = &socketops;
    > fp->f_type = DTYPE_SOCKET;
    > FILEDESC_UNLOCK_FAST(fdp);
    > td->td_retval[0] = fd;
    > }
    > fdrop(fp, td);
    > return (error);
    >
    > I found these lines in "kern/uipc_syscalls.c(166-182, version:5.4)". I
    > had a question! Why drop "fp" if socreate function return success? Can
    > you tell me? Thank you very much!

    'struct file' is a reference counted object, where references are
    typically one of two sorts:

    - References can be owned by file descriptor arrays (struct filedesc).

    - Referneces can be owned by threads currently operating on the file
       descriptor.

    falloc() initialized the file descriptor reference count to 1 to reflect
    the reference in the file descriptor array, and then bumps it by 1 if the
    caller has requested a struct file * result pointer not just a file
    descriptor index. When falloc() returns a struct file reference, the
    caller holds a valid reference, which prevents it from being garbage
    collected as a result of a simultaneous close() by another thread. When
    the thread calling socket() is done initializing the socket associated
    with the file descriptor, it calls fdrop() to release the extra thread
    reference. The file descriptor will still be referenced by the file
    descriptor array for the process, however (i.e., the reference count drops
    from 2 to 1, assuming no simultaneous close()).

    Other system calls operating on file descriptors after creation use
    fget_*() (sometimes wrapped) to acquire an additional thread reference to
    the struct file, and similarly release that reference using fdrop() when
    done.

    Robert N M Watson
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

  • Next message: bart: "ifconfig description"

    Relevant Pages

    • lockless file descriptor lookup
      ... This patch implements a lockless lookup path for file descriptors. ... The code works by allowing lookup threads to follow two previously unsafe pointers. ... the file descriptor table itself is never freed on expansion until the process exits. ... To prevent fdropraces fget_unlockeduses a cmpset loop to ensure that it never raises the reference count above zero. ...
      (freebsd-arch)
    • Re: Can a file be deleted even if it is in use.
      ... file, a program uses a 'file descriptor' (small, positive ... ultimatively resolves to the i-node of the file. ... The file reference count in the i-node is used to track the ... If that is still larger than zero afterwards, ...
      (comp.unix.programmer)
    • Re: Re: Proposal: a revoke() system call
      ... to the file descriptor you want to revoke, ... socket in a blocking I/O call from another thread -- you first have to call shutdown, ... This has caused problems for Java in the past, but I'm not sure that it's really a bug given that it's not unreasonable behavior not rejected by the spec :-). ... The problem with that is that it creates a lot more contention on the socket locks when the reference count is dropped, not to mention more locking operations. ...
      (freebsd-arch)
    • Re: close() of active socket does not work on FreeBSD 6
      ... Whatever may be implemented to solve this issue will require a fairly serious re-working of how we implement file descriptor reference counting in the kernel. ... Do you propose similar "cancellation" of other system calls blocked on the file descriptor, including select, etc? ... Typically these system calls interact with the underlying object associated with the file descriptor, not the file descriptor itself, and often, they act directly on the object and release the file descriptor before performing their operation. ...
      (freebsd-arch)
    • [PATCH 07/24] io-controller: Common hierarchical fair queuing code in elevaotor layer
      ... Requests keep a reference on ioq and ioq keeps keep a reference ... So the queue can be freed. ... Cgroup deletion path holds iocg->lock and removes iog entry ... +static struct io_group * ...
      (Linux-Kernel)