Date: Sat, 23 Aug 2008 01:33:28 +0800 (CST) From: kevinxlinuz <kevinxlinuz@163.com> To: freebsd-current@freebsd.org Subject: [BUG] I think sleepqueue need to be protected in sleepq_broadcast Message-ID: <11617822.2511219426408994.JavaMail.coremail@bj163app64.163.com>
next in thread | raw e-mail | index | archive | help
Hi,
I'm looking in the problem ( amd64/124200: kernel panic on mutex sleepq chain).It troubles me for a long time.I add a KASSERT in sleepq_broadcast() to check the sleepqueue's wait channel.At last it turn out that the sleepqueue's wait channel was changed before sleepq_resume_thread().
In sleepq_lookup(),We can easily find sq->sq_wchan == wchan.But after a short time,the sq->sq_wchan nolonger equal with wchan,so I think it was changed by other threads.
sleepq_broadcast(void *wchan, int flags, int pri, int queue)
{
struct sleepqueue *sq;
struct thread *td;
int wakeup_swapper;
CTR2(KTR_PROC, "sleepq_broadcast(%p, %d)", wchan, flags);
KASSERT(wchan != NULL, ("%s: invalid NULL wait channel", __func__));
MPASS((queue >= 0) && (queue < NR_SLEEPQS));
sq = sleepq_lookup(wchan);
if (sq == NULL)
return (0);
KASSERT(sq->sq_type == (flags & SLEEPQ_TYPE),
("%s: mismatch between sleep/wakeup and cv_*", __func__));
/* Resume all blocked threads on the sleep queue. */
wakeup_swapper = 0;
while (!TAILQ_EMPTY(&sq->sq_blocked[queue])) {
td = TAILQ_FIRST(&sq->sq_blocked[queue]);
thread_lock(td);
/* test */
KASSERT(sq->sq_wchan == wchan,
("%s:mismatch between wchan and sq_wchan in sq",__func__));
/* I find the panic here */
if (sleepq_resume_thread(sq, td, pri))
wakeup_swapper = 1;
thread_unlock(td);
}
return (wakeup_swapper);
}
Thanks,
kevin 2008/08/23
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?11617822.2511219426408994.JavaMail.coremail>