9fans - fans of the OS Plan 9 from Bell Labs
 help / color / mirror / Atom feed
From: erik quanstrom <quanstro@quanstro.net>
To: 9fans@9fans.net
Subject: [9fans] sleep/wakeup bug?
Date: Thu, 24 Feb 2011 17:01:10 -0500	[thread overview]
Message-ID: <62412e4ba21aba9b056860657c24927d@ladd.quanstro.net> (raw)

/sys/doc/sleep.ps says that sleep/wakeup are atomic.
in concrete terms, i take this to mean that if sleep
has returned, wakeup will no longer be in its critical
section.

unfortunately, this does not seem to be the case.
the woken process can continue before the rendezvous
lock is dropped.  this means that any dynamic allocation
of structures containing rendezvous is not possible because
structure can be free'd before the rendezvous lock is
dropped by the waking process.

this was biting me on a high-end mp system with improved
lapic arbitration in the aoe driver, faulting in the pool
library.  the memory in question was an Srb.  after i zeroed
the memory before free'ing, i observed an unlock: not locked:
pc x, where x was the splx in wakeup().  this led directly to
the observation that the ready'd process could never know
when it would be safe to free the rendezvous-containing
structure.

here's my suggested correction

Proc*
wakeup(Rendez *r)
{
	Proc *p;
	int s;

	s = splhi();

	lock(r);
	p = r->p;

	if(p != nil){
		lock(&p->rlock);
		if(p->state != Wakeme || p->r != r){
			iprint("%p %p %d\n", p->r, r, p->state);
			panic("wakeup: state");
		}
		r->p = nil;
		p->r = nil;
	}
	unlock(r);
	if(p != nil){
		ready(p);
		unlock(&p->rlock);
	}
	splx(s);

	return p;
}

the handling of p->rlock looks wierd, but i haven't
investigated.

- erik



             reply	other threads:[~2011-02-24 22:01 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-02-24 22:01 erik quanstrom [this message]
2011-02-25  4:46 ` Russ Cox
2011-02-25  9:46 ` Richard Miller
2011-02-25  5:26 erik quanstrom
2011-02-25  5:47 ` Russ Cox
2011-02-25  5:53   ` erik quanstrom
2011-02-25  6:01     ` Russ Cox
2011-02-25  6:12       ` erik quanstrom
     [not found]       ` <2808a9fa079bea86380a8d52be67b980@coraid.com>
     [not found]         ` <AANLkTi=4_=++Tm2a9Jq9jSzqUSexkW-ZjM-38oD_bS1y@mail.gmail.com>
     [not found]           ` <40925e8f64489665bd5bd6ca743400ea@coraid.com>
2011-02-25  6:51             ` Russ Cox
2011-02-25  7:13               ` erik quanstrom
2011-02-25 14:44                 ` Russ Cox
2011-02-25  8:37               ` Sape Mullender
2011-02-25  9:18                 ` Bakul Shah
2011-02-25 14:57               ` Charles Forsyth
2011-02-25 16:09               ` Venkatesh Srinivas

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=62412e4ba21aba9b056860657c24927d@ladd.quanstro.net \
    --to=quanstro@quanstro.net \
    --cc=9fans@9fans.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).