Date: Mon, 10 Mar 2008 22:01:50 +0200
From: Kostik Belousov <kostikbel@gmail.com>
To: John Baldwin <jhb@freebsd.org>
Cc: Oleg Sidorkin <window@ttk.ru>, freebsd-stable@freebsd.org
Subject: Re: [Panic] Removing of the Palm during select syscall causes panic
Message-ID: <20080310200150.GE10374@deviant.kiev.zoral.com.ua>
In-Reply-To: <200803101512.44835.jhb@freebsd.org>
References: <200803080201.51851.window@ttk.ru> <20080308112129.GW57756@deviant.kiev.zoral.com.ua> <200803101512.44835.jhb@freebsd.org>

On Mon, Mar 10, 2008 at 03:12:44PM -0400, John Baldwin wrote:
> On Saturday 08 March 2008 06:21:29 am Kostik Belousov wrote:
> > On Sat, Mar 08, 2008 at 02:01:51AM +0300, Oleg Sidorkin wrote:
> > > Hello,
> > >
> > > I'm running 7.0-Stable on the ASUS P5K-VM + Intel Q6600 box.
> > > If Palm device is disconnected after synchronization, system crashes with
> > > following stacktrace:
> > >
> > > Does anyone have any ideas?
> >
> > I posted the patch several days ago, see
> > http://lists.freebsd.org/pipermail/freebsd-current/2008-March/084076.html
>
> So this axes the Giant trick stuff, is this because there are race with the
> cdevsw pointer itself?

There is a separate race with cdevsw being uninitialized while device is
created that is fixed in the patch.

The panic reported is caused by the dereference of the cdev->si_devsw in
the giant_trick wrappers without holding the dev_mtx. In fact, dropping
dev_mtx in dev(vn)_refthreads and then dereferencing the si_devsw.

The destroy_devl() routine zeroes out si_devsw before waiting for
si_threadcount to settle to zero. This works as a barrier for dev_refthread.
Dereferencing si_devsw afterward requires either the same check or
returning giant_trick from dev_refthread or axing gianttrick (dev_refthread
returns cdevsw). I choose the latter.
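
A simplified user-space model of the barrier described in the message above, added here as an illustration; it is not the FreeBSD patch or kernel code. The field, lock and `dev_refthread` names follow the message, while `dev_relthread`, `destroy_begin`, `sample_poll` and `poll_across_destroy` are stand-ins assumed for this sketch, with a pthread mutex in place of the kernel's `dev_mtx`.

```c
#include <pthread.h>
#include <stddef.h>

struct cdevsw { int (*d_poll)(void); };
struct cdev {
    struct cdevsw *si_devsw;      /* zeroed by destroy before it waits */
    int            si_threadcount;
};
static pthread_mutex_t dev_mtx = PTHREAD_MUTEX_INITIALIZER;

/* Take a thread reference and return the devsw observed under dev_mtx. */
static struct cdevsw *dev_refthread(struct cdev *dev) {
    struct cdevsw *csw;
    pthread_mutex_lock(&dev_mtx);
    csw = dev->si_devsw;
    if (csw != NULL)
        dev->si_threadcount++;    /* destroy must now wait for us */
    pthread_mutex_unlock(&dev_mtx);
    return csw;                   /* NULL: device is being destroyed */
}

static void dev_relthread(struct cdev *dev) {
    pthread_mutex_lock(&dev_mtx);
    dev->si_threadcount--;
    pthread_mutex_unlock(&dev_mtx);
}

/* First half of destruction: zero si_devsw, report references to drain. */
static int destroy_begin(struct cdev *dev) {
    int pending;
    pthread_mutex_lock(&dev_mtx);
    dev->si_devsw = NULL;
    pending = dev->si_threadcount;
    pthread_mutex_unlock(&dev_mtx);
    return pending;
}

static int sample_poll(void) { return 42; }   /* constructed driver method */

/* Constructed interleaving: reference taken, destroy starts, op then runs. */
static int poll_across_destroy(struct cdev *dev, int *reread_is_null) {
    struct cdevsw *csw = dev_refthread(dev);
    if (csw == NULL)
        return -1;
    destroy_begin(dev);           /* stands in for a concurrent detach */
    /* Re-reading dev->si_devsw here is the pattern that panicked. */
    *reread_is_null = (dev->si_devsw == NULL);
    int r = csw->d_poll();        /* safe: pointer captured under the lock */
    dev_relthread(dev);
    return r;
}
```

In the model the captured pointer stays usable because the destroying side would not proceed until `si_threadcount` drops back to zero, which is the barrier the message describes.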