From: Jeremie Le Hen
To: freebsd-current@FreeBSD.org
Date: Wed, 12 Jan 2005 18:33:50 +0100
Subject: LOR in IPFilter
Message-ID: <20050112173350.GA46508@obiwan.tataz.chchile.org>

Hi,

I recompiled my kernel with source tree upgraded around 2005.01.12.00.00.00
and I get the following LOR (pasted by hand):

%%%
lock order reversal
 1st 0x... dont_sleep_in_callout (dont_sleep_in_callout) @ kern/kern_timeout.c:257
 2nd 0x... ipf fragment rwlock (ipf fragment rwlock) @ contrib/ipfilter/netinet/ip_frag.c:529
KDB: stack backtrace:
kdb_backtrace()
witness_checkorder()
_sx_xlock()
ipfr_fragexpire()
ipfr_slowtimer()
ithread_loop()
fork_exit()
fork_trampoline()
%%%

I looked a bit at the source and I understood that when DIAGNOSTIC is
defined, the softclock() function from kern_timeout.c uses a kind of
dummy mutex to prevent the callout function from sleeping. Unfortunately
ipfr_fragexpire() from ip_frag.c uses an sx_lock...
(see what sx_locks consist of)

On the other hand, I have a serious feeling that I'm somewhat the culprit
since:

o I know that the use of sx(9) locks has already been discussed [1]
  with Darren Reed but I can't find it on bz@'s page referencing all
  known LORs [2].
o No such report appeared on current@.
o I don't remember any significant commit in either ip_frag.c or
  kern_timeout.c since my last kernel update on 2004/12/28.
o Looking at the code path [3] shows that the ipfr_fragexpire()
  function must be automatically called when the module loader function
  is called, thus this LOR should already have been triggered IMHO.

Regards,

[1] http://lists.freebsd.org/pipermail/cvs-src/2004-December/thread.html#37421
[2] http://sources.zabbadoz.net/freebsd/lor.html
[3] ipfilter_modevent() -> iplattach() -> timeout(&ipfr_slowtimer) ;
    ipfr_slowtimer() -> ipfr_fragexpire()

-- 
Jeremie Le Hen
jeremie@le-hen.org
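
The check behind the report above, as an added user-space model that is not part of the original message and is not FreeBSD code: a dispatcher holds a non-sleepable guard lock around the timer handler, so a sleepable acquire inside the handler is flagged. The two lock names come from the report; `acquire`, `release`, `fragexpire_model` and `run_callout` are hypothetical names, and the lock kinds are assumed from the message's description.

```c
#include <stddef.h>

/* User-space model, not FreeBSD code. A lock is sleepable (sx-like) or not. */
enum lock_kind { LK_NOSLEEP, LK_SLEEPABLE };
struct lock { const char *name; enum lock_kind kind; };

#define MAX_HELD 8
struct held { const struct lock *l[MAX_HELD]; size_t n; };

/* Try to take `lk`. A sleepable lock may not be taken while any non-sleepable
 * lock is held: return that lock's name, or NULL when the acquire is allowed. */
const char *acquire(struct held *h, const struct lock *lk)
{
    if (lk->kind == LK_SLEEPABLE)
        for (size_t i = 0; i < h->n; i++)
            if (h->l[i]->kind == LK_NOSLEEP)
                return h->l[i]->name;
    if (h->n < MAX_HELD)
        h->l[h->n++] = lk;
    return NULL;
}

/* Drop the most recently taken lock. */
void release(struct held *h) { if (h->n > 0) h->n--; }

/* Lock names copied from the report; kinds assumed from the message. */
static const struct lock guard = { "dont_sleep_in_callout", LK_NOSLEEP };
static const struct lock frag  = { "ipf fragment rwlock", LK_SLEEPABLE };

/* Stand-in for a timer handler that takes a sleepable lock. */
const char *fragexpire_model(struct held *h)
{
    const char *conflict = acquire(h, &frag);
    if (conflict == NULL)
        release(h);
    return conflict;
}

/* Stand-in for the callout dispatcher: with `diagnostic` set, the handler
 * runs with the guard held, so a sleepable acquire inside it is flagged. */
const char *run_callout(int diagnostic, const char *(*fn)(struct held *))
{
    struct held h = { { 0 }, 0 };
    const char *conflict;
    if (diagnostic)
        acquire(&h, &guard);
    conflict = fn(&h);
    if (diagnostic)
        release(&h);
    return conflict;
}
```

In this model the same handler passes silently when `diagnostic` is 0 and is flagged against the guard lock when it is 1.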