From: John Baldwin
Date: Fri, 25 Jan 2008 02:09:38 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/kern subr_sleepqueue.c
Message-Id: <200801250209.m0P29cjL050767@repoman.freebsd.org>
X-FreeBSD-CVS-Branch: HEAD

jhb         2008-01-25 02:09:38 UTC

  FreeBSD src repository

  Modified files:
    sys/kern             subr_sleepqueue.c
  Log:
  Fix a race in the sleepqueue timeout code that resulted in sleeps not
  being properly cancelled by a timeout.  In general there is a race
  between the sleepq timeout handler firing while the thread is still
  in the process of going to sleep.  In 6.x with sched_lock, the race was
  largely protected by sched_lock.  The only place it was "exposed" and had
  to be handled was while checking for any pending signals in
  sleepq_catch_signals().

  With the thread lock changes, the thread lock is dropped in between
  sleepq_add() and sleepq_*wait*() opening up a new window for this race.
  Thus, if the timeout fired while the sleeping thread was in between
  sleepq_add() and sleepq_*wait*(), the thread would be marked as timed
  out, but the thread would not be dequeued and sleepq_switch() would
  still block the thread until it was awakened via some other means.  In
  the case of pause(9) where there is no other wakeup, the thread would
  never be awakened.

  Fix this by teaching sleepq_switch() to check if the thread has had its
  sleep canceled before blocking by checking the TDF_TIMEOUT flag and
  aborting the sleep and dequeueing the thread if it is set.

  MFC after:      3 days
  Reported by:    dwhite, peter

  Revision  Changes    Path
  1.42      +25 -4     src/sys/kern/subr_sleepqueue.c
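
An added illustration, not part of the commit or of FreeBSD's source: a deterministic user-space C model of the interleaving the log describes, where the timeout fires between sleepq_add() and sleepq_switch(). The names mthread, model_timeout, model_switch, stuck_after_timeout and M_TIMEOUT are hypothetical stand-ins, and the real locking and scheduler are not modelled.

```c
#include <stdbool.h>
#include <stdio.h>

#define M_TIMEOUT 0x1            /* stands in for TDF_TIMEOUT */

struct mthread {                 /* hypothetical model of one sleeping thread */
    int  flags;
    bool on_queue;               /* linked on the sleep queue */
    bool asleep;                 /* blocked, waiting for a wakeup */
};

/* Models the timeout handler: mark the thread as timed out; only a thread
 * that is already asleep can be dequeued and resumed from here. */
static void model_timeout(struct mthread *td)
{
    td->flags |= M_TIMEOUT;
    if (td->asleep) {
        td->on_queue = false;
        td->asleep = false;
    }
}

/* Models sleepq_switch(); check_flag selects the behaviour after the fix. */
static void model_switch(struct mthread *td, bool check_flag)
{
    if (check_flag && (td->flags & M_TIMEOUT)) {
        td->on_queue = false;    /* abort the sleep and dequeue */
        return;
    }
    td->asleep = true;           /* block until something wakes us */
}

/* Runs one interleaving; true means the thread stays blocked even though
 * its timeout has already fired (the pause(9) hang from the log). */
static bool stuck_after_timeout(bool timeout_in_window, bool check_flag)
{
    struct mthread td = { 0, true, false };  /* state just after sleepq_add() */
    if (timeout_in_window) { model_timeout(&td); model_switch(&td, check_flag); }
    else                   { model_switch(&td, check_flag); model_timeout(&td); }
    return td.asleep;
}

int main(void)
{
    printf("window, no check: stuck=%d\n", stuck_after_timeout(true, false));
    printf("window, check:    stuck=%d\n", stuck_after_timeout(true, true));
    return 0;
}
```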