newbus integration of MOD_QUIESCE (was Re: cvs commit:
src/sbin/kldunload kldunload.8 kldunload.c )
Robert Watson
rwatson at freebsd.org
Tue Jul 13 17:00:57 PDT 2004
On Tue, 13 Jul 2004, M. Warner Losh wrote:
> The nasty case I've come up with is what happens when the module is idle
> (not busy), but becomes busy (not idle) after the MOD_QUIESCE call?
> Right now newbus modules that receive a MOD_UNLOAD call attempt to
> detach all instances of devices contained in that module. If I have a
> way to poll the driver to see if it is busy (which is relatively easy to
> implement), then if it becomes busy after the MOD_QUIESCE call, I get a
> MOD_UNLOAD which would force instances to detach.
So, it sounds like a couple of concepts are floating around:
MOD_WEAKUNLOAD - Unload if you're not in use. I.e., unattached driver,
unmounted file system, netgraph nodes that aren't instantiated, network
protocol without any sockets, etc. Be harmlessly gone, but vetoed
at a low cost.
MOD_STRONGUNLOAD - Unload even though you're in use. Detach the driver,
deadfs the file system, wither the geom, sever the sockets, etc. May
cause disruption, but may also veto, depending on the subsystem,
especially if the subsytem has no way to notify its consumers of
impending doom. Can be vetoed, but try harder before vetoing. Some
subsystems might always return EBUSY for this if there's really no way
to express "undesirable departure" upwards.
MOD_QUIESCE - Attempt MOD_WEAKUNLOAD, and if that fails, ask the module to
start draining in some form. I'm a bit unclear on quite what's
intended, but this seems to be less atomic notion than "unload, or
don't" at various points on the spectrum. I.e., it kicks off a state
transition in what is likely a slightly poorly defined state machine.
Right now, the state machine is "Not loaded", "Loaded", and we use a
lock to prevent intermediate states from colliding.
MOD_SHUTDOWN - The system is shutting down, the module better do it too.
Since there's no way to say "Um, no", most modules that don't know how
to unload just ignore the event and in most cases it's harmless because
the system state is toast shortly anyway.
MOD_PANIC - Unload the module, regardless of the consequences.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Principal Research Scientist, McAfee Research
More information about the freebsd-arch
mailing list