From owner-freebsd-mobile@FreeBSD.ORG Sun Jan 11 19:15:29 2004 Return-Path: Delivered-To: freebsd-mobile@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5031116A4CE for ; Sun, 11 Jan 2004 19:15:29 -0800 (PST) Received: from gw.catspoiler.org (217-ip-163.nccn.net [209.79.217.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id 44BE443D1F for ; Sun, 11 Jan 2004 19:15:28 -0800 (PST) (envelope-from truckman@FreeBSD.org) Received: from FreeBSD.org (mousie.catspoiler.org [192.168.101.2]) by gw.catspoiler.org (8.12.9p2/8.12.9) with ESMTP id i0C3FE7E032034; Sun, 11 Jan 2004 19:15:18 -0800 (PST) (envelope-from truckman@FreeBSD.org) Message-Id: <200401120315.i0C3FE7E032034@gw.catspoiler.org> Date: Sun, 11 Jan 2004 19:15:14 -0800 (PST) From: Don Lewis To: imp@bsdimp.com In-Reply-To: <20040111.172627.84647422.imp@bsdimp.com> MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii cc: mobile@FreeBSD.org Subject: Re: More power patches X-BeenThere: freebsd-mobile@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Mobile computing with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Jan 2004 03:15:29 -0000 On 11 Jan, M. Warner Losh wrote: > In message: <200401120002.i0C02F7E031685@gw.catspoiler.org> > Don Lewis writes: > : There is still the issue of the irq breakage caused by the attach > : failure. > > I don't understand that one at all.. Unless it is a failure message > is a cut-n-pasto or something weird is happening. There is something wierd happening. The problem appears to be in ithread_remove_handler() or ithread_loop(). ithread_remove_handler() is executing the if (!TD_AWAITING_INTR(ithread->it_td)) { condition and setting the IH_DEAD flag. If this flag is set, ithread_remove_handler() should msleep() to wait for the thread to do the removal. The problem is that ithread_remove_handler() doesn't appear to sleep for any significant amount of time, and ithread_loop() never seems to execute the the block of code that detects IH_DEAD and executes TAILQ_REMOVE(). When ithread_remove_handler() calls ithread_update() after the msleep() call, ithread_update() is still finding the handler on the list, and then ithread_remove_handler() proceeds to free the handler back to the heap where it is undoubtably getting stomped on and causing havoc later on. Is there a problem with calling msleep() this early in the boot sequence?