svn commit: r192535 - head/sys/kern

John Baldwin jhb at freebsd.org
Thu May 21 16:11:25 UTC 2009 

On Thursday 21 May 2009 11:54:01 am Scott Long wrote:
> M. Warner Losh wrote:
> > In message: <alpine.BSF.2.00.0905211610140.18790 at fledge.watson.org>
> >             Robert Watson <rwatson at FreeBSD.org> writes:
> > : On Thu, 21 May 2009, John Baldwin wrote:
> > : 
> > : >>>>   Move the M_WAITOK flag in notify() into an M_NOWAIT one in order 
to
> > : > match
> > : >>>>   the behaviour alredy present with the further malloc() call in
> > : >>>>   devctl_notify().
> > : >>>>   This fixes a bug in the CAM layer where the camisr handler 
finished to
> > : >>>>   call camperiphfree() (and subsequently destroy_dev() resulting in 
a new
> > : >>>>   dev notify) while the xpt lock is held.
> > : >>> This is wrong. You cannot call destroy_dev() while holding any 
mutex. 
> > : >>> Taking this into account, it makes no sense to use M_NOWAIT in 
notify().
> > : >>
> > : >> As long as devctl_notify() also calls M_NOWAIT and if not available 
skips 
> > : >> "silently" it just does the same thing, I think this approach is more 
> > : >> consistent.
> > : >>
> > : >> It remains, though, the fact to fix CAM when calling destroy_dev(). 
Maybe 
> > : >> we should add a witness_warn() there?
> > : >
> > : > I agree with kib, this should be reverted and CAM fixed instead.  I 
also 
> > : > agree that M_NOWAIT use should be limited where possible.
> > : 
> > : devctl_notify() probably needs to grow a sleepable flag, or perhaps we 
need 
> > : two variations, one that can sleep.
> > 
> > devctl_notify() has expanded well beyond its original needs.  Having
> > an extra case for sleeping is the wrong way to solve this problem.
> > Really.  We're adding hacks on hacks on hacks here and we need to step
> > back and think.
> > 
> > I specifically didn't put in CDEV notifications into devd when I
> > originally did it because one can get the same notification via
> > kevents on /dev.  Maybe the right answer is to remove this stuff
> > entirely and update devd to do that instead?  It isn't a lot of code,
> > and should provide equivalent functionality without needing to change
> > the rules of the game when it comes to destroy_dev().  Especially this
> > close to the code slush...
> > 
> > Comments?
> > 
> > Warner
> 
> Very much in agreement here.  I would also love to have destroy_dev() 
> and make_dev() be locking-neutral.  Having sleepable locks in leaf APIs
> is unpleasant for consumers of those APIs.

destroy_dev() does not use a sleepable lock, the problem is it drains so it 
can provide sane semantics to a caller who wants to ensure that all outside 
references to a cdev are gone when it returns.  You can't provide that 
without doing some sort of synchronization with the other threads trying to 
call d_open(), etc.  And you most certainly can't do it if you call 
destroy_dev() while holding your driver's mutex as you then have the problem 
that some other thread could be blocked on that mutex already in your 
d_open() routine when you call destroy_dev().  These sane semantics are 
needed so drivers can do things like safely free softcs and destroy locks, 
etc.

-- 
John Baldwin

More information about the svn-src-head mailing list