From owner-freebsd-threads@FreeBSD.ORG  Fri Nov 21 04:22:23 2003
Return-Path: <owner-freebsd-threads@FreeBSD.ORG>
Delivered-To: freebsd-threads@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 0997E16A4CE; Fri, 21 Nov 2003 04:22:23 -0800 (PST)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 5D00543FE0; Fri, 21 Nov 2003 04:22:22 -0800 (PST)
	(envelope-from davidxu@freebsd.org)
Received: from freebsd.org (davidxu@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id hALCMGFY018182;
	Fri, 21 Nov 2003 04:22:18 -0800 (PST)
	(envelope-from davidxu@freebsd.org)
Message-ID: <3FBE061B.3070206@freebsd.org>
Date: Fri, 21 Nov 2003 20:33:31 +0800
From: David Xu <davidxu@freebsd.org>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US;
	rv:1.5) Gecko/20031025 Thunderbird/0.3
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Marcel Moolenaar <marcel@xcllnt.net>
References: <20031117014620.GB61716@dhcp01.pn.xcllnt.net>
	<Pine.GSO.4.10.10311191627050.15552-100000@pcnet5.pcnet.com>
	<20031121101356.GA92329@athlon.pn.xcllnt.net>
In-Reply-To: <20031121101356.GA92329@athlon.pn.xcllnt.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
cc: David Xu <davidxu@viatech.com.cn>
cc: threads@freebsd.org
Subject: Re: KSE/ia64 broken
X-BeenThere: freebsd-threads@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Threading on FreeBSD <freebsd-threads.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-threads>,
	<mailto:freebsd-threads-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-threads>
List-Post: <mailto:freebsd-threads@freebsd.org>
List-Help: <mailto:freebsd-threads-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-threads>,
	<mailto:freebsd-threads-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Nov 2003 12:22:23 -0000

Marcel Moolenaar wrote:

>On Wed, Nov 19, 2003 at 04:27:51PM -0500, Daniel Eischen wrote:
>  
>
>>>>The returned memory block from malloc() is being used by unknown code, I 
>>>>don't know
>>>>why it occurs, but if you waste a memory block by applying the following 
>>>>patch for
>>>>thr_alloc(), then things work:
>>>>        
>>>>
>>>The memory block is clobbered by a ucontext_t. This may be the result
>>>of the kernel doing the upcall (though indirectly I would suspect).
>>>      
>>>
>>Any more on this.  I haven't been able to find anything
>>on our end.
>>    
>>
>
>Ok. More pieces of the puzzle. If I apply the attached patch (against
>clean sources), I get the following:
>
>itanium% ./foo.bad
>XXX:_thr_alloc: thread=200000000008a000, tcb=2000000000085000
>XXX:_thr_alloc: thread=2000000000090000, tcb=2000000000090000
>
>The second _thr_alloc() is screwed up, in that malloc() returns
>the same pointer twice. Hence thread->tcb points to thread itself
>and we're clobbering our thread structure. 
>
I saw the same result.

>Since thr_spinlock.c
>affects the locking of malloc(), we may have a race condition.
>Note that forcing an upcall (by adding a _thread_printf() in the
>code stream) seems to fix it. Does the UTS call malloc when first
>invoked?
>
>  
>
No, we never call malloc in such case.  I suspect we do not
fully restore thread's context. In kernel, I pass zero as third
parameter to get_mcontext(), is it enough for ia64 ?