svn commit: r291074 - in head: share/man/man9 sys/kern sys/vm

Bruce Evans brde at optusnet.com.au
Fri Nov 20 07:53:26 UTC 2015 

On Thu, 19 Nov 2015, Jonathan T. Looney wrote:

> On 11/19/15, 12:58 PM, "John Baldwin" <jhb at freebsd.org> wrote:
>> Note that if you are going to document in each section 9 manpage which
>> APIs
>> are not safe to call in a critical section, you will need to update just
>> about every section 9 manpage.  A more prudent approach would probably be
>> to
>> instead go the sigaction(2) route and instead document the subset of APIs
>> which are permissible to call in critical_enter(9).  The list is probably
>> not
>> very long.  Off the top of my head I can think of sched_*, swi_sched,
>> taskqueue_enqueue_fast, and little else.
>
> Point taken.

Both the man page and the KASSERT()s with redundant (yet incomplete) "or"
clause about spinlocks.

The change also has some style bugs (extra blank lines).

The above list is similar to the list of APIs that may be called by a
"fast" interrupt handler.  It is much smaller than the full list, but
still unmanageably large.  The closure of the list is difficult to
determined, and the closure of the list of calls actually made is
infinite due to bugs like console drivers calling kdb_alt_break() which
calls everything via reboot() and panic() (also via kdb_enter(), but
the only correct reason for existence of kdb_alt_break() is to enter
kdb, and kdb is a little more careful about not calling everything).

> As noted above, the point wasn't to enable checking when WITNESS was
> disabled; rather, the point was to make the existing checks more
> consistent. Basically, if you do something that engenders a panic at high
> scale, you should get consistent behavior at low scale, too.

Checking that is actually done is also likely to cause recursive panics
when panic() is called with in a critical section or in another bad
state.  This may be considered as a feature.  It limits the damage
when panic() wanders into normal code does unsafe things for the
bad state, and inhibits bugs like kdb_alt_break() calling panic().

Bruce

More information about the svn-src-all mailing list