From owner-freebsd-current@FreeBSD.ORG Fri Dec 1 11:06:26 2006 Return-Path: X-Original-To: current@FreeBSD.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5537D16A407 for ; Fri, 1 Dec 2006 11:06:26 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.sick.ru (cell.sick.ru [217.72.144.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2D59743C9D for ; Fri, 1 Dec 2006 11:06:11 +0000 (GMT) (envelope-from glebius@FreeBSD.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.13.4/8.13.3) with ESMTP id kB1B6Naq031793 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 1 Dec 2006 14:06:24 +0300 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.sick.ru (8.13.4/8.13.1/Submit) id kB1B6Ncw031792 for current@FreeBSD.org; Fri, 1 Dec 2006 14:06:23 +0300 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Fri, 1 Dec 2006 14:06:23 +0300 From: Gleb Smirnoff To: current@FreeBSD.org Message-ID: <20061201110623.GB32700@FreeBSD.org> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline User-Agent: Mutt/1.5.6i Cc: Subject: [HEADSUP] if_watchdog considered unsafe X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Dec 2006 11:06:26 -0000 Not a HEADSUP really, but just an announcement. Every interface structure in the kernel has an interger field called if_timer. A periodic event in the network stack goes through the list of interfaces and checks whether timer is charged to some non-zero value. If it is, then if_timer is decremented and if it has just reached zero value the interface's if_watchdog method is called. The if_watchdog method usually resets the hardware. Not all interface structures use this API. All virtual interfaces like tun(4), bridge(4), ng_iface(4), carp(4), etc., do not use it, but if_timer and if_watchdog fields are present in their struct ifnet. During 6.2-RELEASE preparation it was found that the race between if_slowtimo() checking the ifp->if_timer and driver updating the ifp->if_timer is real and hit in practice, at least for the em(4) driver. Since the driver mutex is opaque to the network stack, it is impossible to lock access to if_timer in the if_slowtimo(). So, it was decided that the drivers that really need to care about hardwares hangs should use their own locked callout to check for hardware problems. A patch has been committed to HEAD, that prints a warning if driver uses unsafe if_watchdog API. If you see such a warning, do not worry. Your system has the same chance to hit the race as it had before :) If you want, you can convert the driver you are using to do the watchdog job itself and don't use if_watchdog. ATM, three drivers have been converted to handle the watchdog theirselves: em(4), bge(4) and fxp(4). You can take them as examples. -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE