svn commit: r240813 - head/sys/kern
John Baldwin
jhb at freebsd.org
Tue Sep 25 15:17:09 UTC 2012
On Saturday, September 22, 2012 8:17:09 am Konstantin Belousov wrote:
> Author: kib
> Date: Sat Sep 22 12:17:09 2012
> New Revision: 240813
> URL: http://svn.freebsd.org/changeset/base/240813
>
> Log:
> Do not skip two elements of the tid_buffer when reusing the buffer
> slot. This eventually results in exhaustion of the tid space, causing
> new threads get tid -1 as identifier.
>
> The bad effect of having the thread id equal to -1 is that
> UMTX_OP_UMUTEX_WAIT returns EFAULT for a lock owned by such thread,
> because casuword cannot distinguish between literal value -1 read from
> the address and -1 returned as an indication of faulted
> access. _thr_umutex_lock() helper from libthr does not check for
> errors from _umtx_op_err(2), causing an infinite loop in
> mutex_lock_sleep().
>
> We observed the JVM processes hanging and consuming enormous amount of
> system time on machines with approximately 100 days uptime.
>
> Reported by: Mykola Dzham <freebsd levsha org ua>
> MFC after: 1 week
>
> Modified:
> head/sys/kern/kern_thread.c
>
> Modified: head/sys/kern/kern_thread.c
>
==============================================================================
> --- head/sys/kern/kern_thread.c Sat Sep 22 12:12:39 2012 (r240812)
> +++ head/sys/kern/kern_thread.c Sat Sep 22 12:17:09 2012 (r240813)
> @@ -116,7 +116,7 @@ tid_free(lwpid_t tid)
> mtx_lock(&tid_lock);
> if ((tid_tail + 1) % TID_BUFFER_SIZE == tid_head) {
> tmp_tid = tid_buffer[tid_head++];
> - tid_head = (tid_head + 1) % TID_BUFFER_SIZE;
> + tid_head %= TID_BUFFER_SIZE;
I actually think it would be clearer (to the reader) to remove the ++ side
effect in the tmp_tid assignment so that the update to tid_head is self
contained in one statement. Of course, the update to tid_tail below suffers
from the same obfuscation.
> }
> tid_buffer[tid_tail++] = tid;
> tid_tail %= TID_BUFFER_SIZE;
>
--
John Baldwin
More information about the svn-src-all
mailing list