From: erik quanstrom <quanstro@quanstro.net>
To: 9fans@9fans.net
Subject: [9fans] sleep/wakeup bug?
Date: Thu, 24 Feb 2011 17:01:10 -0500 [thread overview]
Message-ID: <62412e4ba21aba9b056860657c24927d@ladd.quanstro.net> (raw)
/sys/doc/sleep.ps says that sleep/wakeup are atomic.
in concrete terms, i take this to mean that if sleep
has returned, wakeup will no longer be in its critical
section.
unfortunately, this does not seem to be the case.
the woken process can continue before the rendezvous
lock is dropped. this means that any dynamic allocation
of structures containing rendezvous is not possible because
structure can be free'd before the rendezvous lock is
dropped by the waking process.
this was biting me on a high-end mp system with improved
lapic arbitration in the aoe driver, faulting in the pool
library. the memory in question was an Srb. after i zeroed
the memory before free'ing, i observed an unlock: not locked:
pc x, where x was the splx in wakeup(). this led directly to
the observation that the ready'd process could never know
when it would be safe to free the rendezvous-containing
structure.
here's my suggested correction
Proc*
wakeup(Rendez *r)
{
Proc *p;
int s;
s = splhi();
lock(r);
p = r->p;
if(p != nil){
lock(&p->rlock);
if(p->state != Wakeme || p->r != r){
iprint("%p %p %d\n", p->r, r, p->state);
panic("wakeup: state");
}
r->p = nil;
p->r = nil;
}
unlock(r);
if(p != nil){
ready(p);
unlock(&p->rlock);
}
splx(s);
return p;
}
the handling of p->rlock looks wierd, but i haven't
investigated.
- erik
next reply other threads:[~2011-02-24 22:01 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-02-24 22:01 erik quanstrom [this message]
2011-02-25 4:46 ` Russ Cox
2011-02-25 9:46 ` Richard Miller
2011-02-25 5:26 erik quanstrom
2011-02-25 5:47 ` Russ Cox
2011-02-25 5:53 ` erik quanstrom
2011-02-25 6:01 ` Russ Cox
2011-02-25 6:12 ` erik quanstrom
[not found] ` <2808a9fa079bea86380a8d52be67b980@coraid.com>
[not found] ` <AANLkTi=4_=++Tm2a9Jq9jSzqUSexkW-ZjM-38oD_bS1y@mail.gmail.com>
[not found] ` <40925e8f64489665bd5bd6ca743400ea@coraid.com>
2011-02-25 6:51 ` Russ Cox
2011-02-25 7:13 ` erik quanstrom
2011-02-25 14:44 ` Russ Cox
2011-02-25 8:37 ` Sape Mullender
2011-02-25 9:18 ` Bakul Shah
2011-02-25 14:57 ` Charles Forsyth
2011-02-25 16:09 ` Venkatesh Srinivas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=62412e4ba21aba9b056860657c24927d@ladd.quanstro.net \
--to=quanstro@quanstro.net \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).