Buffer Reuse in Nginx

Maxim Dounin mdounin at mdounin.ru
Wed Mar 7 14:44:02 UTC 2012


On Wed, Mar 07, 2012 at 02:41:55PM +0100, Soares Chen wrote:


> >> typedef void* ngx_buf_tag_t
> >> This mysterious tag seems to be the way for me to claim ownership to a
> >> buffer by assigning it a unique pointer value. However I could find
> >> almost no explanation on how to use this tag field properly. I'd like
> >> to know if setting this tag would guarantee that the buffers I created
> >> would never be shared ownership with other modules?
> >
> > It is used by ngx_chain_update_chains() to match buffers allocated
> > by your module.
> Ok then this is my interpretation for the buffer tag: There is always
> exactly one ngx_buf_t object that points to a particular memory area,
> and it is owned by the module that set the tag field. The modules down
> the output chain would change the b->pos and b->last pointers and that
> change is used by the buffer owner to determine if the buffer is free
> to reuse again.

Mostly yes.

Though the "exactly one ngx_buf_t" isn't really correct, it's 
module responsibility to ensure that it's either true or handled 
somehow.  E.g. event pipe (src/event/ngx_event_pipe.c) uses 
multiple buffers with the same memory region (i.e. with identical 
b->start) and additionally handles this.

> >> void ngx_chain_update_chains(ngx_pool_t *p, ngx_chain_t **free,
> >> ngx_chain_t **busy, ngx_chain_t **out, ngx_buf_tag_t tag)
> >> I find that this function seems to be performing what I want, and it
> >> seems to be called in other modules that has similar buffer reuse
> >> mechanism. However I am really confused about the purpose of this
> >> function and what it does exactly. From the signature it seems to be
> >> determining which buffers are safe to reuse, and then reclaim the free
> >> buffers into the **free chain. However on close inspection I found
> >> that all it does is to move all tagged buffers at **busy and **out to
> >> free, while calling ngx_free_chain() on buffer chains that do not
> >> share the same tag. I don't know if the buffers freed by this function
> >> is guaranteed safe to be reused, and I don't know what happen with the
> >> buffers that have different tags.
> >
> > Buffers only moved to **free if they are indeed free, i.e. when
> > ngx_buf_size(cl->buf) == 0.  Buffers from **free will be then
> > reused either with ngx_chain_get_free_buf() or with your own code.
> Ah now I realized I missed that line of code. So what you mean is that
> it is also possible to manually determine if a buffer is free for
> reuse by checking if ngx_buf_size(b) is 0?


> To make sure I get the idea correct I am showing here my
> interpretation of this function:
> void
> ngx_chain_update_chains(ngx_pool_t *p, ngx_chain_t **free, ngx_chain_t **busy,
>     ngx_chain_t **out, ngx_buf_tag_t tag)
> {
>     ngx_chain_t  *cl;
>     // Append *out to the end of *busy chain, and empty the *out chain
>     if (*busy == NULL) {
>         *busy = *out;
>     } else {
>         for (cl = *busy; cl->next; cl = cl->next) { /* void */ }
>         cl->next = *out;
>     }
>     *out = NULL;
>     // For each buffer in the busy chain
>     while (*busy) {
>         cl = *busy;
>         // If the size is not zero, then the buffer is still being used.
>         // We assume that the rest of buffers in the chain are still
>         // in use as well, so we break and return.
>         if (ngx_buf_size(cl->buf) != 0) {
>             break;
>         }
>         // If the buffer is not owned by current module, proceed to
>         // the next buffer and free the chain link while ignoring the
>         // buffer pointer.
>         if (cl->buf->tag != tag) {
>             *busy = cl->next;
>             ngx_free_chain(p, cl);
>             continue;
>         }

Note well: all chain links for your out/free/busy chains are 
expected to be allocated by your module, either directly or via 
e.g. ngx_chain_add_copy().

>         // else, the buffer is owned by the current module
>         // and the buffer is free for reuse.
>         // reset the pos and last pointer.
>         cl->buf->pos = cl->buf->start;
>         cl->buf->last = cl->buf->start;
>         // Put the chain together with the buffer into the *free chain
>         // The buffer pointers at this *free chain link is guaranteed to
>         // be valid and it's memory region is safe for reuse.
>         *busy = cl->next;
>         cl->next = *free;
>         *free = cl;
>     }
> }

Looks correct.

> >> ngx_chain_t * ngx_chain_get_free_buf(ngx_pool_t *p, ngx_chain_t **free)
> >> I find that this function will return the buffers freed by
> >> ngx_chain_update_chains(). Most modules seem to do overwrite the data
> >> on the obtained buffer without any issue. That makes me wonder if
> >> ngx_chain_update_chains() really works.
> >
> > See above.
> From what I understand ngx_chain_get_free_buf() will always return a
> ngx_chain_t object with valid pointer to a ngx_buf_t object. On the
> opposite, ngx_alloc_chain_link() only returns the ngx_chain_t object
> and the buf pointer must be reseted before any use.
> Also, if the *free chain contains any chain link, that chain link will
> be returned and the buffer attached would have b->start and b->end
> pointing to memory region that is safe to write. But on the other hand
> of *free is empty, then ngx_chain_get_free_buf would only allocate new
> ngx_chain_t and ngx_buf_t objects but leave the b->start and b->end
> pointers as NULL. As a result the caller of ngx_chain_get_free_buf()
> must ensure that cl->buf->start points to some memory region, or the
> caller itself have to manually allocate that memory region and assign
> them to cl->buf.

I would rather suggest to interpret this a bit differently:

The ngx_alloc_chain_link() function returns ngx_chain_t structure 
with undefined contents.

The ngx_chain_get_free_buf() function returns ngx_chain_t 
structure and associated ngx_buf_t structure.  If returned chain + 
buffer pair is reused, it's guaranteed to have the same 
cl->buf->start as before; else it will have cl->buf->start set to 

Net effect is the same though.


Maxim Dounin

More information about the nginx-devel mailing list