From owner-freebsd-current@FreeBSD.ORG  Tue Jun 17 12:07:36 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3F38F37B401; Tue, 17 Jun 2003 12:07:36 -0700 (PDT)
Received: from elvis.mu.org (elvis.mu.org [192.203.228.196])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id D37DF43FDD; Tue, 17 Jun 2003 12:07:35 -0700 (PDT)
	(envelope-from bright@elvis.mu.org)
Received: by elvis.mu.org (Postfix, from userid 1192)
	id C3E1A2ED44A; Tue, 17 Jun 2003 12:07:35 -0700 (PDT)
Date: Tue, 17 Jun 2003 12:07:35 -0700
From: Alfred Perlstein <alfred@FreeBSD.org>
To: Don Lewis <truckman@FreeBSD.org>
Message-ID: <20030617190735.GU62025@elvis.mu.org>
References: <200306171900.h5HJ0RM7052470@gw.catspoiler.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200306171900.h5HJ0RM7052470@gw.catspoiler.org>
User-Agent: Mutt/1.4.1i
cc: current@freebsd.org
Subject: Re: Giant pushdown in kern_descrip.c rev 1.128
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jun 2003 19:07:36 -0000

* Don Lewis <truckman@FreeBSD.org> [030617 12:00] wrote:
> It's not legal to attempt to aquire Giant in fdrop_locked(), while
> FILE_LOCK() is held.  The problem is that FILE_LOCK uses the mutex pool,
> which should only be used for leaf mutexes.
> 
> It also looks like there is a potential for a lock order reversal if
> some callers aquire Giant before FILE_LOCK() and fdrop_locked() does the
> opposite.
> 
> It also appears that witness ignores the mutex pool ...

Yes, but I think the fix is as simple as just dropping the FILE_LOCK
after the decrement as we're the last holders of it, can you try
this:

Index: kern_descrip.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_descrip.c,v
retrieving revision 1.199
diff -u -r1.199 kern_descrip.c
--- kern_descrip.c	11 Jun 2003 00:56:55 -0000	1.199
+++ kern_descrip.c	17 Jun 2003 19:07:01 -0000
@@ -2003,6 +2003,7 @@
 		FILE_UNLOCK(fp);
 		return (0);
 	}
+	FILE_UNLOCK(fp);
 	mtx_lock(&Giant);
 	if (fp->f_count < 0)
 		panic("fdrop: count < 0");
@@ -2012,10 +2013,8 @@
 		lf.l_len = 0;
 		lf.l_type = F_UNLCK;
 		vp = fp->f_data;
-		FILE_UNLOCK(fp);
 		(void) VOP_ADVLOCK(vp, (caddr_t)fp, F_UNLCK, &lf, F_FLOCK);
-	} else
-		FILE_UNLOCK(fp);
+	}
 	if (fp->f_ops != &badfileops)
 		error = fo_close(fp, td);
 	else