Do not mutate dying objects

Avoid memory LRU racing disk LRU. Disk LRU uses the varnish-cache LRU facility, which works by setting the OC_F_DYING and gaining one reference, resulting in two references. One is lost again by the thread initiating the LRU nuke, the other by the EXP thread. Between the two events, the refcnt is one again, thus stvfe_mutate could race. I believe this fixes #23 and #24. If not, please reopen

Do not mutate dying objects
Avoid memory LRU racing disk LRU. Disk LRU uses the varnish-cache LRU facility, which works by setting the OC_F_DYING and gaining one reference, resulting in two references. One is lost again by the thread initiating the LRU nuke, the other by the EXP thread. Between the two events, the refcnt is one again, thus stvfe_mutate could race. I believe this fixes #23 and #24. If not, please reopen
f208f591 · Nils Goroll · 712d7edb · f208f591
Unverified Commit f208f591 authored Sep 25, 2023 by Nils Goroll
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

fellow_storage.c src/fellow_storage.c +4 -2

No files found.
--- a/src/fellow_storage.c
+++ b/src/fellow_storage.c
@@ -1780,8 +1780,10 @@ stvfe_mutate(struct worker *wrk, struct fellow_cache_lru *lru,
 	oh = oc->objhead;
 	CHECK_OBJ_NOTNULL(oh, OBJHEAD_MAGIC);

-	if (oc->refcnt == 1 && !Lck_Trylock(&oh->mtx)) {
-		if (oc->refcnt != 1)
+	if (oc->refcnt == 1 &&
+	    !(oc->flags & OC_F_DYING) &&
+	    !Lck_Trylock(&oh->mtx)) {
+		if (oc->refcnt != 1 || (oc->flags & OC_F_DYING))
 			goto unlock;

 		stv = oc_stv(wrk, oc);