From owner-cvs-all@FreeBSD.ORG Tue Sep 9 21:04:38 2008 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 17DAD1065675; Tue, 9 Sep 2008 21:04:38 +0000 (UTC) (envelope-from jhb@freebsd.org) Received: from server.baldwin.cx (bigknife-pt.tunnel.tserv9.chi1.ipv6.he.net [IPv6:2001:470:1f10:75::2]) by mx1.freebsd.org (Postfix) with ESMTP id 8E84E8FC20; Tue, 9 Sep 2008 21:04:37 +0000 (UTC) (envelope-from jhb@freebsd.org) Received: from localhost.corp.yahoo.com (john@localhost [IPv6:::1]) (authenticated bits=0) by server.baldwin.cx (8.14.2/8.14.2) with ESMTP id m89L4CIh008827; Tue, 9 Sep 2008 17:04:31 -0400 (EDT) (envelope-from jhb@freebsd.org) From: John Baldwin To: Robert Watson Date: Tue, 9 Sep 2008 14:27:53 -0400 User-Agent: KMail/1.9.7 References: <200809082140.m88LeNJW085481@repoman.freebsd.org> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200809091427.53834.jhb@freebsd.org> X-Greylist: Sender succeeded SMTP AUTH authentication, not delayed by milter-greylist-2.0.2 (server.baldwin.cx [IPv6:::1]); Tue, 09 Sep 2008 17:04:31 -0400 (EDT) X-Virus-Scanned: ClamAV 0.93.1/8162/Thu Sep 4 12:38:45 2008 on server.baldwin.cx X-Virus-Status: Clean X-Spam-Status: No, score=-2.6 required=4.2 tests=AWL,BAYES_00,NO_RELAYS autolearn=ham version=3.1.3 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on server.baldwin.cx Cc: cvs-src@freebsd.org, src-committers@freebsd.org, cvs-all@freebsd.org Subject: Re: cvs commit: src/sys/kern subr_turnstile.c X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Sep 2008 21:04:38 -0000 On Tuesday 09 September 2008 06:09:34 am Robert Watson wrote: > On Mon, 8 Sep 2008, John Baldwin wrote: > > > SVN rev 182879 on 2008-09-08 21:40:15Z by jhb > > > > - Reduce scope of #ifdef's in uma_zcreate() call in init_turnstile0(). > > - Set UMA_ZONE_NOFREE so that the per-turnstile spin locks are type stable > > to avoid a race where one thread might dereference a lock in a free'd > > turnstile that was previously used by another thread. > > Is this a feature or a workaround for a bug? Normally in the above scenario > we would consider use-after-free a bug or symptom of a larger architectural > problem rather than a feature. At least, that's what I consider similar use > of UMA_ZONE_NOFREE where it persists in the network stack :-). Well, it's a workaround for the fact that the way thread_lock works is it tries to acquire what it thinks is the current lock for a given thread. Once it has that lock, then it checks to see if the thread has switched to a different lock. If so, it drops the lock it has and tries to get the "new" lock. Anytime you lose this race, you can end up holding a lock that isn't necessarily associated with the thread anymore. For that reason, locks used as thread locks should generally be type-stable. Most of the locks used as thread locks are in static data structures (runqueues, sleepq hash table buckets, the global "blocked lock", etc.) so they are already type-stable. The turnstile locks are the one case where locks used as thread locks are dynamically allocated IIRC. -- John Baldwin