From owner-svn-src-all@FreeBSD.ORG Tue Sep 25 15:17:09 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 88A2F1065673; Tue, 25 Sep 2012 15:17:09 +0000 (UTC) (envelope-from jhb@freebsd.org) Received: from bigwig.baldwin.cx (bigknife-pt.tunnel.tserv9.chi1.ipv6.he.net [IPv6:2001:470:1f10:75::2]) by mx1.freebsd.org (Postfix) with ESMTP id 5D6438FC15; Tue, 25 Sep 2012 15:17:09 +0000 (UTC) Received: from jhbbsd.localnet (unknown [209.249.190.124]) by bigwig.baldwin.cx (Postfix) with ESMTPSA id A6109B949; Tue, 25 Sep 2012 11:17:08 -0400 (EDT) From: John Baldwin To: Konstantin Belousov Date: Tue, 25 Sep 2012 08:11:10 -0400 User-Agent: KMail/1.13.5 (FreeBSD/8.2-CBSD-20110714-p17; KDE/4.5.5; amd64; ; ) References: <201209221217.q8MCH9Ip064471@svn.freebsd.org> In-Reply-To: <201209221217.q8MCH9Ip064471@svn.freebsd.org> MIME-Version: 1.0 Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <201209250811.10887.jhb@freebsd.org> X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (bigwig.baldwin.cx); Tue, 25 Sep 2012 11:17:08 -0400 (EDT) Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r240813 - head/sys/kern X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Sep 2012 15:17:09 -0000 On Saturday, September 22, 2012 8:17:09 am Konstantin Belousov wrote: > Author: kib > Date: Sat Sep 22 12:17:09 2012 > New Revision: 240813 > URL: http://svn.freebsd.org/changeset/base/240813 > > Log: > Do not skip two elements of the tid_buffer when reusing the buffer > slot. This eventually results in exhaustion of the tid space, causing > new threads get tid -1 as identifier. > > The bad effect of having the thread id equal to -1 is that > UMTX_OP_UMUTEX_WAIT returns EFAULT for a lock owned by such thread, > because casuword cannot distinguish between literal value -1 read from > the address and -1 returned as an indication of faulted > access. _thr_umutex_lock() helper from libthr does not check for > errors from _umtx_op_err(2), causing an infinite loop in > mutex_lock_sleep(). > > We observed the JVM processes hanging and consuming enormous amount of > system time on machines with approximately 100 days uptime. > > Reported by: Mykola Dzham > MFC after: 1 week > > Modified: > head/sys/kern/kern_thread.c > > Modified: head/sys/kern/kern_thread.c > ============================================================================== > --- head/sys/kern/kern_thread.c Sat Sep 22 12:12:39 2012 (r240812) > +++ head/sys/kern/kern_thread.c Sat Sep 22 12:17:09 2012 (r240813) > @@ -116,7 +116,7 @@ tid_free(lwpid_t tid) > mtx_lock(&tid_lock); > if ((tid_tail + 1) % TID_BUFFER_SIZE == tid_head) { > tmp_tid = tid_buffer[tid_head++]; > - tid_head = (tid_head + 1) % TID_BUFFER_SIZE; > + tid_head %= TID_BUFFER_SIZE; I actually think it would be clearer (to the reader) to remove the ++ side effect in the tmp_tid assignment so that the update to tid_head is self contained in one statement. Of course, the update to tid_tail below suffers from the same obfuscation. > } > tid_buffer[tid_tail++] = tid; > tid_tail %= TID_BUFFER_SIZE; > -- John Baldwin