From owner-svn-src-all@freebsd.org  Fri Dec 11 20:05:08 2015
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6B1C49D8000;
 Fri, 11 Dec 2015 20:05:08 +0000 (UTC)
 (envelope-from markj@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 2E8F71A61;
 Fri, 11 Dec 2015 20:05:08 +0000 (UTC)
 (envelope-from markj@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id tBBK57AS086545;
 Fri, 11 Dec 2015 20:05:07 GMT (envelope-from markj@FreeBSD.org)
Received: (from markj@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id tBBK576W086543;
 Fri, 11 Dec 2015 20:05:07 GMT (envelope-from markj@FreeBSD.org)
Message-Id: <201512112005.tBBK576W086543@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: markj set sender to
 markj@FreeBSD.org using -f
From: Mark Johnston <markj@FreeBSD.org>
Date: Fri, 11 Dec 2015 20:05:07 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r292117 - in head/sys: kern vm
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Dec 2015 20:05:08 -0000

Author: markj
Date: Fri Dec 11 20:05:07 2015
New Revision: 292117
URL: https://svnweb.freebsd.org/changeset/base/292117

Log:
  Don't make assertions about td_critnest when the scheduler is stopped.
  
  A panicking thread always executes with a critical section held, so any
  attempt to allocate or free memory while dumping will otherwise cause a
  second panic. This can occur, for example, if xpt_polled_action() completes
  non-dump I/O that was pending at the time of the panic. The fact that this
  can occur is itself a bug, but asserting in this case does little but
  reduce the reliability of kernel dumps.
  
  Suggested by:	kib
  Reported by:	pho

Modified:
  head/sys/kern/kern_malloc.c
  head/sys/vm/uma_core.c

Modified: head/sys/kern/kern_malloc.c
==============================================================================
--- head/sys/kern/kern_malloc.c	Fri Dec 11 18:47:41 2015	(r292116)
+++ head/sys/kern/kern_malloc.c	Fri Dec 11 20:05:07 2015	(r292117)
@@ -475,8 +475,7 @@ malloc(unsigned long size, struct malloc
 	if (flags & M_WAITOK)
 		KASSERT(curthread->td_intr_nesting_level == 0,
 		   ("malloc(M_WAITOK) in interrupt context"));
-
-	KASSERT(curthread->td_critnest == 0,
+	KASSERT(curthread->td_critnest == 0 || SCHEDULER_STOPPED(),
 	    ("malloc: called with spinlock or critical section held"));
 
 #ifdef DEBUG_MEMGUARD
@@ -544,8 +543,7 @@ free(void *addr, struct malloc_type *mtp
 	u_long size;
 
 	KASSERT(mtp->ks_magic == M_MAGIC, ("free: bad malloc type magic"));
-
-	KASSERT(curthread->td_critnest == 0,
+	KASSERT(curthread->td_critnest == 0 || SCHEDULER_STOPPED(),
 	    ("free: called with spinlock or critical section held"));
 
 	/* free(NULL, ...) does nothing */
@@ -610,8 +608,7 @@ realloc(void *addr, unsigned long size, 
 
 	KASSERT(mtp->ks_magic == M_MAGIC,
 	    ("realloc: bad malloc type magic"));
-
-	KASSERT(curthread->td_critnest == 0,
+	KASSERT(curthread->td_critnest == 0 || SCHEDULER_STOPPED(),
 	    ("realloc: called with spinlock or critical section held"));
 
 	/* realloc(NULL, ...) is equivalent to malloc(...) */

Modified: head/sys/vm/uma_core.c
==============================================================================
--- head/sys/vm/uma_core.c	Fri Dec 11 18:47:41 2015	(r292116)
+++ head/sys/vm/uma_core.c	Fri Dec 11 20:05:07 2015	(r292117)
@@ -2149,8 +2149,7 @@ uma_zalloc_arg(uma_zone_t zone, void *ud
 		WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
 		    "uma_zalloc_arg: zone \"%s\"", zone->uz_name);
 	}
-
-	KASSERT(curthread->td_critnest == 0,
+	KASSERT(curthread->td_critnest == 0 || SCHEDULER_STOPPED(),
 	    ("uma_zalloc_arg: called with spinlock or critical section held"));
 
 #ifdef DEBUG_MEMGUARD
@@ -2690,7 +2689,7 @@ uma_zfree_arg(uma_zone_t zone, void *ite
 	CTR2(KTR_UMA, "uma_zfree_arg thread %x zone %s", curthread,
 	    zone->uz_name);
 
-	KASSERT(curthread->td_critnest == 0,
+	KASSERT(curthread->td_critnest == 0 || SCHEDULER_STOPPED(),
 	    ("uma_zfree_arg: called with spinlock or critical section held"));
 
         /* uma_zfree(..., NULL) does nothing, to match free(9). */