From: Konstantin Belousov
Date: Wed, 3 Sep 2014 08:18:08 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r271000 - head/sys/kern

Author: kib
Date: Wed Sep 3 08:18:07 2014
New Revision: 271000
URL: http://svnweb.freebsd.org/changeset/base/271000

Log:
  Right now, thread_single(SINGLE_EXIT) returns after the p_numthreads
  reaches 1. The p_numthreads counter is decremented in thread_exit() by
  a call to thread_unlink(). This means that the exiting threads may
  still execute on other CPUs when thread_single(SINGLE_EXIT) returns.
  As a result, vmspace could be destroyed while paging structures are
  still used on other CPUs by exiting threads.

  Delay the return from thread_single(SINGLE_EXIT) until all threads are
  really destroyed by thread_stash() after the last switch out. The
  p_exitthreads counter already provides the required mechanism, move the
  wait from the thread_wait() (which is called from wait(2) code) into
  thread_single().

  Reported by: many (as "panic: pmap active ")
  Reviewed by: alc, jhb
  Tested by: pho
  Sponsored by: The FreeBSD Foundation
  MFC after: 1 week

Modified:
  head/sys/kern/kern_thread.c

Modified: head/sys/kern/kern_thread.c
==============================================================================
--- head/sys/kern/kern_thread.c Wed Sep 3 08:14:07 2014 (r270999)
+++ head/sys/kern/kern_thread.c Wed Sep 3 08:18:07 2014 (r271000)
@@ -432,6 +432,7 @@ thread_exit(void) */ if (p->p_flag & P_HADTHREADS) { if (p->p_numthreads > 1) { + atomic_add_int(&td->td_proc->p_exitthreads, 1); thread_unlink(td); td2 = FIRST_THREAD_IN_PROC(p); sched_exit_thread(td2, td); @@ -452,7 +453,6 @@ thread_exit(void) } } - atomic_add_int(&td->td_proc->p_exitthreads, 1); PCPU_SET(deadthread, td); } else { /* @@ -507,14 +507,12 @@ thread_wait(struct proc *p) struct thread *td; mtx_assert(&Giant, MA_NOTOWNED); - KASSERT((p->p_numthreads == 1), ("Multiple threads in wait1()")); + KASSERT((p->p_numthreads == 1), ("multiple threads in thread_wait()")); + KASSERT((p->p_exitthreads == 0), ("p_exitthreads leaking")); td = FIRST_THREAD_IN_PROC(p); /* Lock the last thread so we spin until it exits cpu_throw(). */ thread_lock(td); thread_unlock(td); - /* Wait for any remaining threads to exit cpu_throw(). */ - while (p->p_exitthreads) - sched_relinquish(curthread); lock_profile_thread_exit(td); cpuset_rel(td->td_cpuset); td->td_cpuset = NULL; @@ -722,6 +720,17 @@ stopme: p->p_singlethread = NULL; p->p_flag &= ~(P_STOPPED_SINGLE | P_SINGLE_EXIT); thread_unthread(td); + + /* + * Wait for any remaining threads to exit cpu_throw(). + */ + while (p->p_exitthreads != 0) { + PROC_SUNLOCK(p); + PROC_UNLOCK(p); + sched_relinquish(td); + PROC_LOCK(p); + PROC_SLOCK(p); + } } PROC_SUNLOCK(p); return (0);
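Review bot: In the thread_exit() hunk (@@ -432,6 +432,7 @@), the moved atomic_add_int() now has to stay ahead of thread_unlink(td), but nothing at that line says so. The log explains that thread_unlink() is what drops p_numthreads, so a waiter that sees p_numthreads reach 1 must already see p_exitthreads raised; a one-line comment above the increment stating that ordering would keep a later cleanup from moving it back below the unlink. The added line could also use the local p, as the surrounding p->p_flag and p->p_numthreads tests do, rather than td->td_proc.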
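Review bot: In the thread_wait() hunk (@@ -507,14 +507,12 @@), the new KASSERT message "p_exitthreads leaking" names neither the function nor the counter value, unlike the reworded assertion directly above it ("multiple threads in thread_wait()"). The message is a printf-style argument list, so something like ("thread_wait: p_exitthreads leaking: %d", p->p_exitthreads) would make a report of this panic actionable. With the wait loop removed from this function, the assertion is also the only place recording that the wait now happens earlier, in thread_single(); a short comment to that effect next to it would help.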
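Review bot: In the thread_single() hunk (@@ -722,6 +720,17 @@), the new loop releases both PROC_SUNLOCK(p) and PROC_UNLOCK(p) on every iteration after p_singlethread and the P_STOPPED_SINGLE | P_SINGLE_EXIT flags have already been cleared, and nothing is rechecked once the locks are retaken. The comment should say why dropping the process lock at this point is safe and why the wait belongs here (per the log, so that vmspace is not destroyed while exiting threads still run on other CPUs); "Wait for any remaining threads to exit cpu_throw()" is carried over unchanged from thread_wait() and does not explain the move. The loop also polls p_exitthreads with a plain read between sched_relinquish(td) calls, so a remark that this yield loop is expected to be short would be worth adding.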