Date:      Wed, 4 Feb 2015 22:44:05 +0000
From:      "jhb (John Baldwin)" <phabric-noreply@FreeBSD.org>
To:        freebsd-net@freebsd.org
Subject:   [Differential] [Updated] D1777: Associated fix for arp/nd6 timer usage.
Message-ID:  <2a88ee2dc845ecaa0d8b5e153cb37a8e@localhost.localdomain>
In-Reply-To: <differential-rev-PHID-DREV-7mg6mtc3edzvrggvnij4-req@FreeBSD.org>
References:  <differential-rev-PHID-DREV-7mg6mtc3edzvrggvnij4-req@FreeBSD.org>

jhb added a comment.

This is just "How It Works".  You are always supposed to do a callout_drain() before freeing the storage belonging to a callout.  I don't understand how you are preventing the callout/lock being freed out from under the callout routine in this version either.  Now you can have this sequence:

a) softclock dequeues callout to run

b) other thread grabs lle_lock

c) softclock blocks on lle_wlock above

d) other thread tears down structure, unlocks lock, zeros memory, 0xdeadc0de, etc.

e) softclock wakes up in mutex code and panics because the mutex is destroyed and it either triggers an assertion, follows a bad pointer trying to propagate priority or see if the "owner" is running, etc.

You have to drain the callout somehow.  Hans' other solution is to arrange to have a callback function do the free for you if you can't block in the context where you are trying to free the structure.

REVISION DETAIL
  https://reviews.freebsd.org/D1777

To: rrs, imp, sbruno, gnn, rwatson, lstewart, kostikbel, adrian, bz, jhb
Cc: bz, emaste, hiren, julian, hselasky, freebsd-net
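An added example, not part of the review or of the FreeBSD tree: a userland C model of the ordering described in the comment, with a pthread mutex standing in for lle_lock and a thread standing in for softclock. The struct names and the a) to e) step labels follow the message; the simplified callout model and its function names are assumptions for illustration only.

```c
#include <pthread.h>
#include <stdlib.h>
#include <unistd.h>

/* Constructed userland model of a FreeBSD-style callout (not kernel code): the
 * handler runs with c->mtx held, as after callout_init_mtx(). */
struct callout {
    pthread_mutex_t *mtx;           /* lock the handler runs under */
    void (*func)(void *); void *arg;
    pthread_t softclock;            /* thread that will run the handler */
};

struct lle { pthread_mutex_t lle_lock; struct callout la_timer; int expired; }; /* ARP/ND6 entry stand-in */

static void *softclock(void *p)     /* a) callout dequeued, about to run */
{
    struct callout *c = p;
    usleep(20000);                  /* b) window in which another thread may hold lle_lock */
    pthread_mutex_lock(c->mtx);     /* c) block on the lock; step e) if it was destroyed meanwhile */
    c->func(c->arg);
    pthread_mutex_unlock(c->mtx);
    return NULL;
}

static void callout_reset(struct callout *c, pthread_mutex_t *m, void (*f)(void *), void *a)
{
    c->mtx = m; c->func = f; c->arg = a;
    pthread_create(&c->softclock, NULL, softclock, c);
}

/* callout_drain(): sleep until the handler has completely finished. */
static void callout_drain(struct callout *c) { pthread_join(c->softclock, NULL); }
static void lle_timer(void *arg) { ((struct lle *)arg)->expired = 1; }

/* Teardown in the order the comment asks for: release lle_lock, drain, then
 * destroy the lock and free. Moving the drain below the destroy/free
 * reproduces steps d) and e). Returns the handler's result, always 1. */
int safe_teardown(void)
{
    struct lle *lle = calloc(1, sizeof(*lle));
    pthread_mutex_init(&lle->lle_lock, NULL);
    callout_reset(&lle->la_timer, &lle->lle_lock, lle_timer, lle);
    pthread_mutex_lock(&lle->lle_lock);    /* b) other thread holds lle_lock, unlinks the entry */
    pthread_mutex_unlock(&lle->lle_lock);
    callout_drain(&lle->la_timer);         /* the step the patch under review leaves out */
    int seen = lle->expired;
    pthread_mutex_destroy(&lle->lle_lock); /* d) safe now: no handler can wake on this lock */
    free(lle);
    return seen;
}
```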
