From owner-freebsd-current Thu Oct 10 13:30:57 2002 Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 921C237B401; Thu, 10 Oct 2002 13:30:55 -0700 (PDT) Received: from fafoe.dyndns.org (chello212186121237.14.vie.surfer.at [212.186.121.237]) by mx1.FreeBSD.org (Postfix) with ESMTP id 079A643ED4; Thu, 10 Oct 2002 13:30:55 -0700 (PDT) (envelope-from stefan@fafoe.dyndns.org) Received: by frog.fafoe (Postfix, from userid 1001) id 50C522C5; Thu, 10 Oct 2002 22:30:53 +0200 (CEST) Date: Thu, 10 Oct 2002 22:30:53 +0200 From: Stefan Farfeleder To: Terry Lambert Cc: Don Lewis , jhb@FreeBSD.ORG, jmallett@FreeBSD.ORG, current@FreeBSD.ORG, phk@FreeBSD.ORG Subject: Re: [PATCH] Re: Junior Kernel Hacker page updated... Message-ID: <20021010203053.GA265@frog.fafoe> References: <20021008204605.GA252@frog.fafoe> <200210090426.g994QTvU037393@gw.catspoiler.org> <20021009225606.GC306@frog.fafoe> <3DA4B6C1.ED1BACEB@mindspring.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3DA4B6C1.ED1BACEB@mindspring.com> User-Agent: Mutt/1.5.1i Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, Oct 09, 2002 at 04:07:45PM -0700, Terry Lambert wrote: > Stefan Farfeleder wrote: > > Is it just a warning or does it pose a real problem? > > > > I think the problem with the current code is that knote_{en,de}queue can > > be executed in parallel (on another CPU, spl*() can't prevent that, can > > it?) with kqueue_scan and that kq->kq_head thus can be corrupted. > > Or am I totally wrong? > > My patch would have worked, in that case, since it would ensure > one marker entry with a unique stack address per simultaneous > scanner. > > It has to be that the queue itself is being deleted out from > under it: the problem is not the scan, nor the insert or the > delete. > > Most likely, this is for an object whose queue is not tracked > by process, or for a process queue that's being examined by > another process (e.g. kevent's on fork/exit/etc.). > > You can verify this for your own satisfaction by looking at the > pointer manipulation order for the insertion and deletion; the > insertion sets the next pointer before setting the pointer to > the inserted object, and the deletion sets the pointer that > used to point to the deleted object to the delete object's next, > before deleting the object. Thus, traversals in progress should > not result in an error. Imagine this scenario where CPU 0 inserts a knote kn1 (the marker) in knote_scan and CPU 1 kn2 in kqueue_enqueue: CPU 0 | CPU 1 --------------------------------+------------------------------- kn1->kn_tqe.tqe_next = NULL; | | --------------------------------+------------------------------- kn1->kn_tqe.tqe_prev = | kn2->kn_tqe.tqe_next = NULL; kq_head.tqh_last; | --------------------------------+------------------------------- *kq_head.tqh_last = kn1; | kn2->kn_tqe.tqe_prev = | kq_head.tqh_last; --------------------------------+------------------------------- kq_head.tqh_last = | *kq_head.tqh_last = kn2; &kn1->kn_tqe.tqe_next; | --------------------------------+------------------------------- | kq_head.tqh_last = | &kn2->kn_tqe.tqe_next; The marker would never appear on the queue. Regards, Stefan Farfeleder To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message