From 88227ea6655ec513d555ad0cdb52d22e7f9928a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ondr=CC=8Cej=20Sury=CC=81?= Date: Mon, 9 Sep 2024 16:03:53 +0200 Subject: [PATCH] Use release memory ordering when incrementing reference counter As the relaxed memory ordering doesn't ensure any memory synchronization, it is possible that the increment will succeed even in the case when it should not - there is a race between atomic_fetch_sub(..., acq_rel) and atomic_fetch_add(..., relaxed). Only the result is consistent, but the previous value for both calls could be same when both calls are executed at the same time. --- lib/isc/include/isc/refcount.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/isc/include/isc/refcount.h b/lib/isc/include/isc/refcount.h index 090dc7ec2a..82f5796bd6 100644 --- a/lib/isc/include/isc/refcount.h +++ b/lib/isc/include/isc/refcount.h @@ -70,7 +70,7 @@ typedef atomic_uint_fast32_t isc_refcount_t; #define isc_refcount_increment0(target) \ ({ \ uint_fast32_t __v; \ - __v = atomic_fetch_add_relaxed(target, 1); \ + __v = atomic_fetch_add_release(target, 1); \ INSIST(__v < UINT32_MAX); \ __v; \ }) @@ -83,7 +83,7 @@ typedef atomic_uint_fast32_t isc_refcount_t; #define isc_refcount_increment(target) \ ({ \ uint_fast32_t __v; \ - __v = atomic_fetch_add_relaxed(target, 1); \ + __v = atomic_fetch_add_release(target, 1); \ INSIST(__v > 0 && __v < UINT32_MAX); \ __v; \ })