svn commit: r240813 - head/sys/kern

[John Baldwin]

On Saturday, September 22, 2012 8:17:09 am Konstantin Belousov wrote:
> Author: kib
> Date: Sat Sep 22 12:17:09 2012
> New Revision: 240813
> URL: http://svn.freebsd.org/changeset/base/240813
> 
> Log:
>   Do not skip two elements of the tid_buffer when reusing the buffer
>   slot. This eventually results in exhaustion of the tid space, causing
>   new threads get tid -1 as identifier.
>   
>   The bad effect of having the thread id equal to -1 is that
>   UMTX_OP_UMUTEX_WAIT returns EFAULT for a lock owned by such thread,
>   because casuword cannot distinguish between literal value -1 read from
>   the address and -1 returned as an indication of faulted
>   access. _thr_umutex_lock() helper from libthr does not check for
>   errors from _umtx_op_err(2), causing an infinite loop in
>   mutex_lock_sleep().
>   
>   We observed the JVM processes hanging and consuming enormous amount of
>   system time on machines with approximately 100 days uptime.
>   
>   Reported by:	Mykola Dzham <freebsd levsha org ua>
>   MFC after:	1 week
> 
> Modified:
>   head/sys/kern/kern_thread.c
> 
> Modified: head/sys/kern/kern_thread.c
> 
==============================================================================
> --- head/sys/kern/kern_thread.c	Sat Sep 22 12:12:39 2012	(r240812)
> +++ head/sys/kern/kern_thread.c	Sat Sep 22 12:17:09 2012	(r240813)
> @@ -116,7 +116,7 @@ tid_free(lwpid_t tid)
>  	mtx_lock(&tid_lock);
>  	if ((tid_tail + 1) % TID_BUFFER_SIZE == tid_head) {
>  		tmp_tid = tid_buffer[tid_head++];
> -		tid_head = (tid_head + 1) % TID_BUFFER_SIZE;
> +		tid_head %= TID_BUFFER_SIZE;

I actually think it would be clearer (to the reader) to remove the ++ side 
effect in the tmp_tid assignment so that the update to tid_head is self 
contained in one statement.  Of course, the update to tid_tail below suffers
from the same obfuscation.

>  	}
>  	tid_buffer[tid_tail++] = tid;
>  	tid_tail %= TID_BUFFER_SIZE;
> 

-- 
John Baldwin