[Panic] Removing of the Palm during select syscall causes panic
Kostik Belousov
kostikbel at gmail.com
Mon Mar 10 20:02:04 UTC 2008
On Mon, Mar 10, 2008 at 03:12:44PM -0400, John Baldwin wrote:
> On Saturday 08 March 2008 06:21:29 am Kostik Belousov wrote:
> > On Sat, Mar 08, 2008 at 02:01:51AM +0300, Oleg Sidorkin wrote:
> > > Hello,
> > >
> > > I'm running 7.0-Stable on the ASUS P5K-VM + Intel Q6600 box.
> > > If Palm device is disconnected after synchronization, system crashes with
> > > following stacktrace:
> > >
> > > Does anyone have any ideas?
> >
> > I posted the patch several days ago, see
> > http://lists.freebsd.org/pipermail/freebsd-current/2008-March/084076.html
>
> So this axes the Giant trick stuff, is this because there are race with the
> cdevsw pointer itself?
There is a separate race with cdevsw being uninitialized while device is
created that is fixed in the patch.
The panic reported is caused by the dereference of the cdev->si_devsw
in the giant_trick wrappers without holding the dev_mtx. In fact, dropping
dev_mtx in dev(vn)_refthreads and then dereferencing the si_devsw.
The destroy_devl() routine zeroes out si_devsw before waiting for
si_threadcount to settle to zero. This works as a barrier for
dev_refthread. Dereferencing si_devsw afterward requires either
the same check or returning giant_trick from dev_refthread or axing
gianttrick (dev_refthread returns cdevsw). I choose the later.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20080310/605e09f1/attachment.pgp
More information about the freebsd-stable
mailing list