Date: Fri, 4 Apr 2003 00:03:12 -0800 (PST) From: Nate Lawson <nate@root.org> To: Andrew Gallatin <gallatin@cs.duke.edu> Cc: current@freebsd.org Subject: Re: mbuf LOR Message-ID: <Pine.BSF.4.21.0304040001330.15815-100000@root.org> In-Reply-To: <16012.32534.331966.216694@grasshopper.cs.duke.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 3 Apr 2003, Andrew Gallatin wrote:
> Nate Lawson writes:
> > I was testing some changes to make fxp MPSAFE and got a LOR in allocating
> > the mbuf cluster and then finally a panic when trying to dereference the
> > cluster header. Is the mbuf system MPSAFE? Is it ok to call m_getcl
> > with a device lock held (but not Giant)?
> >
> > The lock reversal was: 1. fxp softc lock, 2. Giant.
>
> I think the only place it can be coming from is slab_zalloc().
> Does the appended (untested) patch help?
>
> BTW, I don't think that there is any need to get Giant for the zone
> allocators in the M_NOWAIT case, but I'm not really familar with the
> code, and I don't know if the sparc64 uma_small_alloc needs Giant.
>
> BTW, my MPSAFE driver never sees this, but then again, I never
> allocate clusters. I use jumbo frames, and carve out my own recv
> buffers, so I'm only allocating mbufs, not clusters.
>
> Drew
>
>
> Index: uma_core.c
> ===================================================================
> RCS file: /home/ncvs/src/sys/vm/uma_core.c,v
> retrieving revision 1.51
> diff -u -r1.51 uma_core.c
> --- uma_core.c 26 Mar 2003 18:44:53 -0000 1.51
> +++ uma_core.c 3 Apr 2003 18:22:14 -0000
> @@ -703,10 +703,14 @@
> wait &= ~M_ZERO;
>
> if (booted || (zone->uz_flags & UMA_ZFLAG_PRIVALLOC)) {
> - mtx_lock(&Giant);
> - mem = zone->uz_allocf(zone,
> - zone->uz_ppera * UMA_SLAB_SIZE, &flags, wait);
> - mtx_unlock(&Giant);
> + if ((wait & M_NOWAIT) == 0) {
> + mtx_lock(&Giant);
> + mem = zone->uz_allocf(zone,
> + zone->uz_ppera * UMA_SLAB_SIZE, &flags, wait);
> + mtx_unlock(&Giant);
> + } else {
> + mem = NULL;
> + }
> if (mem == NULL) {
> ZONE_LOCK(zone);
> return (NULL);
You're right about where the problem is (top of stack trace and listing
below). However, your patch causes an immediate panic on boot due to a
NULL deref. I don't think you want it to always return NULL if called
with M_NOWAIT set. :) Other ideas?
slab_zalloc + 0xdf
uma_zone_slab + 0xd8
uma_zalloc_bucket + 0x15d
uma_zalloc_arg + 0x307
malloc
...
m_getcl
(gdb) l *slab_zalloc+0xdf
0xc02f646f is in slab_zalloc (../../../vm/uma_core.c:707).
702 else
703 wait &= ~M_ZERO;
704
705 if (booted || (zone->uz_flags & UMA_ZFLAG_PRIVALLOC)) {
706 mtx_lock(&Giant);
707 mem = zone->uz_allocf(zone,
708 zone->uz_ppera * UMA_SLAB_SIZE, &flags, wait);
709 mtx_unlock(&Giant);
710 if (mem == NULL) {
711 ZONE_LOCK(zone);
-Nate
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0304040001330.15815-100000>