From owner-freebsd-current@FreeBSD.ORG Sun Mar 18 19:23:14 2007 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3743E16A401 for ; Sun, 18 Mar 2007 19:23:14 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.freebsd.org (Postfix) with ESMTP id B048E13C4F3 for ; Sun, 18 Mar 2007 19:23:13 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 89369472DC; Sun, 18 Mar 2007 14:23:12 -0500 (EST) Date: Sun, 18 Mar 2007 20:23:12 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Julian Elischer In-Reply-To: <45FD8906.2060700@elischer.org> Message-ID: <20070318202228.L7579@fledge.watson.org> References: <20070308125927.GA1265@seekingfire.com> <20070308204041.GA55240@xor.obsecurity.org> <20070310153206.GF1230@seekingfire.com> <3bbf2fe10703100749h14e9b075wb6d730ed7c9189f8@mail.gmail.com> <20070310161423.GA1256@seekingfire.com> <20070310193946.GA96514@xor.obsecurity.org> <20070311044033.GB1256@seekingfire.com> <20070311062637.GA1256@seekingfire.com> <20070318125635.N62476@maildrop.int.zabbadoz.net> <20070318154536.U20456@fledge.watson.org> <45FD8906.2060700@elischer.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: "Bjoern A. Zeeb" , freebsd-current@freebsd.org, Tillman Hodgson Subject: Re: Experiencing hangs on SMP box with no console messages given for clues. Details inside. X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Mar 2007 19:23:14 -0000 On Sun, 18 Mar 2007, Julian Elischer wrote: >> If using uid/gid firewall rules, make sure to read the pertinent man pages >> regarding setting debug.mpsafenet=0 in loader.conf to avoid deadlocks. This >> is only a workaround for the issue, and when debug.mpsafenet is removed, >> this workaround will no longer be available. The authors/maintainers of >> the various firewall packages need to correct these problems or the lock >> order reversals (and associated deadlocks) will persist. > > I actually have some work on this in an experimental branch.. it removes the > requirement for users of ipfw to hold a lock on it by making the firewall > table an array rather than a lined list and then using a read-copy-replace > write semantic with reference conts on the array.. a bit like the cred > structures that processes and threads have.. i.e. you never change it, just > replace it with a new one.. previosu users ofthe structure just keep using > the one they have and release the reference when they are done.. (freeing if > it goes to 0). the result is that since the firewall lock goes away, so does > the lock order reversal. Great -- this is precisely the sort of fix we require. Robert N M Watson Computer Laboratory University of Cambridge