From: John Baldwin
To: Ian Dowse
Cc: cvs-src@freebsd.org, src-committers@freebsd.org, cvs-all@freebsd.org, Ian Dowse
Date: Tue, 13 Jun 2006 08:56:54 -0400
Subject: Re: cvs commit: src/sys/sys firmware.h src/sys/kern subr_firmware.c

On Monday 12 June 2006 20:50, Ian Dowse wrote:
> In message <200606121631.07177.john@baldwin.cx>, John Baldwin writes:
> >On Saturday 10 June 2006 13:04, Ian Dowse wrote:
> >> Keep firmware images on the list until they have been unregistered
> >> with firmware_unregister(). Previously when the last driver reference
> >> had been dropped we would clear the list entry under the assumption
> >> that the firmware module was about to be unloaded, but this was not
> >> true if the firmware image had been loaded manually with kldload.
> >
> >I think you still need to clear the entire entry in unloadentry() and not just
> >clear fp->file. Otherwise, another thread could gain a reference on this
> >entry in the table after you drop the firmware mutex and before
> >firmware_unregister() is run by the kernel linker.
>
> That would bring back the original issue where a manually kldloaded
> firmware image would be removed from the list when a driver calls
> firmware_put(), even though the kld will remain loaded; there is
> nothing that a driver can do to get the entry back on the list since
> calling linker_reference_module() will not result in a call to
> firmware_register() because the module is already (manually) loaded.

No it wouldn't. :) unloadentry() is only called when we are unloading an
explicitly loaded module from the taskqueue. That is where I think the
'fp->file = NULL' should be changed to 'clearentry()'. Either that or
don't clear fp->file at all.

> Shouldn't this race be fixed by your other suggested change of
> having a firmware_unregister() failure preventing the image module
> from unloading? (I didn't realise it wasn't already checking) The
> firmware_unregister() function atomically checks for references and
> clears the full entry, so with your change there is no way for the
> module to be unloaded while a reference exists.

No. You've cleared fp->file. This means that if the other thread gets a
reference, the firmware_unregister() will fail, but now the kernel will
never unload this file on a subsequent firmware_put() since it won't see
that it was explicitly loaded by the kernel since fp->file == NULL. The
awk script patch fixes a different race where kldunload would succeed
even though there were open references and drivers would have pointers
into unmapped memory (or possibly mapped to something else).

-- 
John Baldwin  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve"  =  http://www.FreeBSD.org
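
The interleaving discussed in this message, replayed as an added example (not part of the original message and not code from subr_firmware.c). It is a single-threaded model of one table entry under the three unloadentry() behaviours mentioned: clearing only fp->file, calling clearentry(), or leaving fp->file set. The struct fields, the model_* functions and the policy names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model, NOT the FreeBSD code; all names here are assumptions. */
enum policy { CLEAR_FILE_ONLY, CLEAR_ENTRY, KEEP_FILE };

struct entry {
    bool on_list;        /* findable by lookups in the image table */
    int  refs;           /* driver references */
    bool kernel_loaded;  /* stands in for fp->file != NULL */
    bool module_loaded;  /* image module still present */
};

static bool model_get(struct entry *e) {        /* lookup + reference */
    if (!e->on_list) return false;
    e->refs++;
    return true;
}

static bool model_put(struct entry *e) {        /* true: unload task queued */
    e->refs--;
    return e->refs == 0 && e->kernel_loaded;
}

static bool model_unregister(struct entry *e) { /* fails while refs exist */
    if (e->refs > 0) return false;
    e->on_list = e->kernel_loaded = e->module_loaded = false;
    return true;
}

/* Returns true if a racing thread gained a reference in the window. */
static bool model_unloadentry(struct entry *e, enum policy p, bool racer) {
    if (p != KEEP_FILE) e->kernel_loaded = false;
    if (p == CLEAR_ENTRY) e->on_list = false;
    bool got = racer && model_get(e);  /* window after the mutex is dropped */
    model_unregister(e);               /* reached through the linker unload */
    return got;
}

/* True if the module stays loaded with no references and no unload queued. */
static bool leaks_after_race(enum policy p) {
    struct entry e = { true, 1, true, true };
    if (model_put(&e) && model_unloadentry(&e, p, true) && model_put(&e))
        model_unloadentry(&e, p, false);
    return e.module_loaded && e.refs == 0;
}

int main(void) {
    printf("clear fp->file only: leak=%d\n", leaks_after_race(CLEAR_FILE_ONLY));
    printf("clearentry():        leak=%d\n", leaks_after_race(CLEAR_ENTRY));
    printf("keep fp->file:       leak=%d\n", leaks_after_race(KEEP_FILE));
    return 0;
}
```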