svn commit: r192535 - head/sys/kern
John Baldwin
jhb at freebsd.org
Thu May 21 15:52:55 UTC 2009
On Thursday 21 May 2009 11:41:00 am M. Warner Losh wrote:
> In message: <alpine.BSF.2.00.0905211610140.18790 at fledge.watson.org>
> Robert Watson <rwatson at FreeBSD.org> writes:
> : On Thu, 21 May 2009, John Baldwin wrote:
> :
> : >>>> Move the M_WAITOK flag in notify() into an M_NOWAIT one in order to
> : > match
> : >>>> the behaviour alredy present with the further malloc() call in
> : >>>> devctl_notify().
> : >>>> This fixes a bug in the CAM layer where the camisr handler finished
to
> : >>>> call camperiphfree() (and subsequently destroy_dev() resulting in a
new
> : >>>> dev notify) while the xpt lock is held.
> : >>> This is wrong. You cannot call destroy_dev() while holding any mutex.
> : >>> Taking this into account, it makes no sense to use M_NOWAIT in
notify().
> : >>
> : >> As long as devctl_notify() also calls M_NOWAIT and if not available
skips
> : >> "silently" it just does the same thing, I think this approach is more
> : >> consistent.
> : >>
> : >> It remains, though, the fact to fix CAM when calling destroy_dev().
Maybe
> : >> we should add a witness_warn() there?
> : >
> : > I agree with kib, this should be reverted and CAM fixed instead. I also
> : > agree that M_NOWAIT use should be limited where possible.
> :
> : devctl_notify() probably needs to grow a sleepable flag, or perhaps we
need
> : two variations, one that can sleep.
>
> devctl_notify() has expanded well beyond its original needs. Having
> an extra case for sleeping is the wrong way to solve this problem.
> Really. We're adding hacks on hacks on hacks here and we need to step
> back and think.
>
> I specifically didn't put in CDEV notifications into devd when I
> originally did it because one can get the same notification via
> kevents on /dev. Maybe the right answer is to remove this stuff
> entirely and update devd to do that instead? It isn't a lot of code,
> and should provide equivalent functionality without needing to change
> the rules of the game when it comes to destroy_dev(). Especially this
> close to the code slush...
>
> Comments?
destroy_dev() is not a good idea to call with a mutex held period.
devctl_notify() is the least of one's worries in that case. In general the
code holding a mutex over destroy_dev() should be fixed and I think
devctl_notify() can be left unchanged. destroy_dev() is a draining operation
similar to bus_teardown_intr(), callout_drain(), taskqueue_drain(),
if_detach() (which doesn't drain yet, but needs to), etc. One simply cannot
hold locks across those operations.
--
John Baldwin
More information about the svn-src-all
mailing list