Date: Mon, 28 May 2007 16:20:23 +0000 (UTC)
From: Tor Egge <Tor.Egge@cvsup.no.freebsd.org>
To: marcus@marcuscom.com
Cc: attilio@freebsd.org, jroberson@chesapeake.net, current@freebsd.org
Subject: Re: Panic on -CURRENT after LDT changes
Message-ID: <20070528.162023.41711345.Tor.Egge@cvsup.no.freebsd.org>
In-Reply-To: <1180140483.94117.24.camel@shumai.marcuscom.com>
References: <1180138048.94117.17.camel@shumai.marcuscom.com> <465780A3.8040603@FreeBSD.org> <1180140483.94117.24.camel@shumai.marcuscom.com>

> > Could you please try this better approach on a VANILLA kernel and say if
> > it still works for you:
> >
> > http://users.gufi.org/~rookie/works/patches/schedlock/ldt2.diff
>
> Still works, no crash.

I got similar crashes (page fault in i386_ldt_grow) and tried this patch.
During testing, my development machine repeatedly got the following panic:

spin lock 0xa0ae4378 (descriptor tables) held by 0xadf77360 (tid 100161) too long
exclusive spin mutex descriptor tables r = 0 (0xa0ae4378) locked @ i386/i386/sys_machdep.c:414
panic: spin lock held too long
cpuid = 0

This looked like a lock leak, with user_ldt_free() as the suspect, since it
initially appeared to be able to return with dt_lock still held. But that
path seems to be impossible since the callers first check that mdp->md_ldt is
non-NULL.

During the hunt for the real reason, I found that unsharing of user LDT in
cpu_fork() seems broken since the call to user_ldt_free() frees the newly
allocated user LDT.

Finally, I found that i386_ldt_grow() called smp_rendezvous() without
temporarily unlocking dt_lock. That caused a deadlock. Adding a temporary
unlock of dt_lock seems to solve the problem for me.

smp_rendezvous_action() fails to make a local copy of smp_rv_teardown_func
before bumping smp_rv_waiters[1], thus the other CPUs might end up calling the
teardown function for the next rendezvous instead of the teardown function for
the current rendezvous.

- Tor Egge
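
Added example, not part of the original message and not FreeBSD source: a deterministic single-threaded replay of the interleaving described in the last paragraph of the message, showing why the teardown pointer must be copied before the exit counter is bumped. Every name here (rv_teardown, rv_exit_waiters, initiator_step, remote_cpu_exit) is a hypothetical stand-in, and the 2-CPU layout is an assumption.

```c
#include <stdio.h>

/* Constructed single-threaded model, not FreeBSD source. All names are
 * hypothetical stand-ins for the shared rendezvous state in the message. */
typedef void (*rv_func)(int *ran);

static rv_func rv_teardown;   /* stands in for smp_rv_teardown_func */
static int rv_exit_waiters;   /* stands in for smp_rv_waiters[1] */

static void teardown_current(int *ran) { *ran = 'A'; }
static void teardown_next(int *ran)    { *ran = 'B'; }

/* Initiating CPU: once all CPUs have bumped the exit counter it is free to
 * return and set up the next rendezvous, overwriting the shared pointer. */
static void initiator_step(int ncpus)
{
    if (rv_exit_waiters == ncpus) {
        rv_exit_waiters = 0;
        rv_teardown = teardown_next;
    }
}

/* Replays the worst-case interleaving for one remote CPU leaving rendezvous
 * "A" on a 2-CPU system. Returns 'A' or 'B': which teardown actually ran. */
static int remote_cpu_exit(int copy_before_bump)
{
    int ran = 0;
    rv_func local = NULL;

    rv_teardown = teardown_current;
    rv_exit_waiters = 1;               /* initiator has already arrived */

    if (copy_before_bump)
        local = rv_teardown;           /* snapshot while it is still stable */
    rv_exit_waiters++;                 /* last arrival releases the initiator */
    initiator_step(2);                 /* initiator runs in the window */
    if (!copy_before_bump)
        local = rv_teardown;           /* late read sees the next rendezvous */
    if (local != NULL)
        local(&ran);
    return ran;
}

int main(void)
{
    printf("read after bump: teardown %c\n", remote_cpu_exit(0));
    printf("copy before bump: teardown %c\n", remote_cpu_exit(1));
    return 0;
}
```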