From owner-svn-src-user@FreeBSD.ORG  Tue Nov 16 01:56:20 2010
Return-Path: <owner-svn-src-user@FreeBSD.ORG>
Delivered-To: svn-src-user@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id F3A93106566B;
	Tue, 16 Nov 2010 01:56:19 +0000 (UTC)
	(envelope-from davidxu@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id D69368FC13;
	Tue, 16 Nov 2010 01:56:19 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id oAG1uJfL035600;
	Tue, 16 Nov 2010 01:56:19 GMT (envelope-from davidxu@svn.freebsd.org)
Received: (from davidxu@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id oAG1uJLE035598;
	Tue, 16 Nov 2010 01:56:19 GMT (envelope-from davidxu@svn.freebsd.org)
Message-Id: <201011160156.oAG1uJLE035598@svn.freebsd.org>
From: David Xu <davidxu@FreeBSD.org>
Date: Tue, 16 Nov 2010 01:56:19 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-user@freebsd.org
X-SVN-Group: user
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r215364 - user/davidxu/libthr/sys/kern
X-BeenThere: svn-src-user@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SVN commit messages for the experimental &quot; user&quot;
	src tree" <svn-src-user.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-user>,
	<mailto:svn-src-user-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-user>
List-Post: <mailto:svn-src-user@freebsd.org>
List-Help: <mailto:svn-src-user-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-user>,
	<mailto:svn-src-user-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Nov 2010 01:56:20 -0000

Author: davidxu
Date: Tue Nov 16 01:56:19 2010
New Revision: 215364
URL: http://svn.freebsd.org/changeset/base/215364

Log:
  Because umtx_thread_cleanup() no longer is called with process lock held,
  There is a race that a thread is exiting while another thread tries to
  add an entry into its mutex contention list, add uq_exiting flag to
  indicating that a thread is exiting, and a PI entry should not be
  added to the thread.

Modified:
  user/davidxu/libthr/sys/kern/kern_umtx.c

Modified: user/davidxu/libthr/sys/kern/kern_umtx.c
==============================================================================
--- user/davidxu/libthr/sys/kern/kern_umtx.c	Tue Nov 16 00:32:45 2010	(r215363)
+++ user/davidxu/libthr/sys/kern/kern_umtx.c	Tue Nov 16 01:56:19 2010	(r215364)
@@ -165,7 +165,11 @@ struct umtx_q {
 
 	int			uq_repair_mutex;
 
+	/* Robust mutex list */
 	struct	robust_list	uq_rob_list;
+
+	/* Thread is exiting. */
+	char			uq_exiting;
 };
 
 TAILQ_HEAD(umtxq_head, umtx_q);
@@ -324,6 +328,8 @@ static void umtx_thread_cleanup(struct t
 static void umtx_exec_hook(void *arg __unused, struct proc *p __unused,
 	struct image_params *imgp __unused);
 static void umtx_exit_hook(void *arg __unused, struct proc *p __unused);
+static void umtx_fork_hook(void *arg __unused, struct proc *p1 __unused,
+	struct proc *p2, int flags __unused);
 static int robust_alloc(struct robust_info **);
 static void robust_free(struct robust_info *);
 static int robust_insert(struct thread *, struct robust_info *);
@@ -372,6 +378,8 @@ umtxq_sysinit(void *arg __unused)
 	    EVENTHANDLER_PRI_ANY);
 	EVENTHANDLER_REGISTER(process_exit, umtx_exit_hook, NULL,
 	    EVENTHANDLER_PRI_ANY);
+	EVENTHANDLER_REGISTER(process_fork, umtx_fork_hook, NULL,
+	    EVENTHANDLER_PRI_ANY);
 
 	max_robust_interval.tv_sec = 10;
 	max_robust_interval.tv_usec = 0;
@@ -1791,11 +1799,14 @@ umtxq_sleep_pi(struct umtx_q *uq, struct
 		/* XXX Only look up thread in current process. */
 		td1 = tdfind(owner, curproc->p_pid);
 		mtx_lock_spin(&umtx_lock);
-		if (td1 != NULL && pi->pi_owner == NULL) {
-			uq1 = td1->td_umtxq;
-			umtx_pi_setowner(pi, td1);
+		if (td1 != NULL) {
+			if((uq1 = td1->td_umtxq) != NULL &&
+			    uq1->uq_exiting == 0) {
+				if (pi->pi_owner == NULL)
+					umtx_pi_setowner(pi, td1);
+			}
+			PROC_UNLOCK(td1->td_proc);
 		}
-		PROC_UNLOCK(td1->td_proc);
 	}
 
 	TAILQ_FOREACH(uq1, &pi->pi_blocked, uq_lockq) {
@@ -4351,6 +4362,7 @@ umtx_thread_alloc(struct thread *td)
 
 	uq = td->td_umtxq;
 	uq->uq_inherited_pri = PRI_MAX;
+	uq->uq_exiting = 0;
 
 	KASSERT(uq->uq_flags == 0, ("uq_flags != 0"));
 	KASSERT(uq->uq_thread == td, ("uq_thread != td"));
@@ -4374,7 +4386,27 @@ umtx_exec_hook(void *arg __unused, struc
 static void
 umtx_exit_hook(void *arg __unused, struct proc *p __unused)
 {
-	umtx_thread_cleanup(curthread);
+	struct umtx_q *uq = curthread->td_umtxq;
+
+	if (uq != NULL) {
+		uq->uq_exiting = 1;
+		umtx_thread_cleanup(curthread);
+	}
+}
+
+/*
+ * fork() hook. First thread of process never call umtx_thread_alloc()
+ * again, we should clear uq_exiting here.
+ */
+void
+umtx_fork_hook(void *arg __unused, struct proc *p1 __unused,
+	struct proc *p2, int flags __unused)
+{
+	struct thread *td = FIRST_THREAD_IN_PROC(p2);
+	struct umtx_q *uq = td->td_umtxq;
+
+	if (uq != NULL)
+		uq->uq_exiting = 0;
 }
 
 /*