From owner-svn-src-all@freebsd.org  Tue Jun 13 23:32:23 2017
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2FAFEC09356;
 Tue, 13 Jun 2017 23:32:23 +0000 (UTC)
 (envelope-from andrew@fubar.geek.nz)
Received: from fry.fubar.geek.nz (fry.fubar.geek.nz [139.59.165.16])
 by mx1.freebsd.org (Postfix) with ESMTP id F139A70855;
 Tue, 13 Jun 2017 23:32:22 +0000 (UTC)
 (envelope-from andrew@fubar.geek.nz)
Received: from [IPv6:2a02:c7f:1e13:cf00:3c4a:423a:9e3f:34af] (unknown
 [IPv6:2a02:c7f:1e13:cf00:3c4a:423a:9e3f:34af])
 by fry.fubar.geek.nz (Postfix) with ESMTPSA id BEC7E4E6E1;
 Tue, 13 Jun 2017 23:32:21 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Subject: Re: svn commit: r319913 - head/sys/dev/hwpmc
From: Andrew Turner <andrew@fubar.geek.nz>
In-Reply-To: <201706131853.v5DIruKH034954@repo.freebsd.org>
Date: Wed, 14 Jun 2017 00:32:21 +0100
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <8886277B-6036-41E8-819D-47AD6990F019@fubar.geek.nz>
References: <201706131853.v5DIruKH034954@repo.freebsd.org>
To: Zbigniew Bodek <zbb@freebsd.org>
X-Mailer: Apple Mail (2.3273)
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jun 2017 23:32:23 -0000


> On 13 Jun 2017, at 19:53, Zbigniew Bodek <zbb@freebsd.org> wrote:
>=20
> Author: zbb
> Date: Tue Jun 13 18:53:56 2017
> New Revision: 319913
> URL: https://svnweb.freebsd.org/changeset/base/319913
>=20
> Log:
>  Fix INVARIANTS debug code in HWPMC
>=20
>  When HWPMC stops sampling, ps_pmc may be freed before samples
>  are processed. In such situation treat PMC as stopped.

What is the sequence leading up to this?

...
> Modified: head/sys/dev/hwpmc/hwpmc_mod.c
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- head/sys/dev/hwpmc/hwpmc_mod.c	Tue Jun 13 18:52:39 2017	=
(r319912)
> +++ head/sys/dev/hwpmc/hwpmc_mod.c	Tue Jun 13 18:53:56 2017	=
(r319913)
> @@ -4224,7 +4224,8 @@ pmc_capture_user_callchain(int cpu, int ring, =
struct t
> 	ps_end =3D psb->ps_write;
> 	do {
> #ifdef	INVARIANTS
> -		if (ps->ps_pmc->pm_state !=3D PMC_STATE_RUNNING)
> +		if ((ps->ps_pmc =3D=3D NULL) ||
> +		    (ps->ps_pmc->pm_state !=3D PMC_STATE_RUNNING))

Isn=E2=80=99t this just moving the NULL pointer dereference later in the =
function? I=E2=80=99m interested in knowing how the NULL pointer got =
into this function.

> 			nfree++;
> #endif
> 		if (ps->ps_nsamples !=3D PMC_SAMPLE_INUSE)
> @@ -4262,9 +4263,11 @@ next:
> 			ps =3D psb->ps_samples;
> 	} while (ps !=3D ps_end);
>=20
> +#ifdef	INVARIANTS
> 	KASSERT(ncallchains > 0 || nfree > 0,
> 	    ("[pmc,%d] cpu %d didn't find a sample to collect", =
__LINE__,
> 		cpu));
> +#endif

Why is this needed? KASSERT is a top when INVARIANTS is undefined.

Andrew