From owner-svn-src-head@freebsd.org Thu Jun 8 20:47:20 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 13B8DC797A6; Thu, 8 Jun 2017 20:47:20 +0000 (UTC) (envelope-from jtl@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CC01071086; Thu, 8 Jun 2017 20:47:19 +0000 (UTC) (envelope-from jtl@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v58KlIcT079004; Thu, 8 Jun 2017 20:47:18 GMT (envelope-from jtl@FreeBSD.org) Received: (from jtl@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v58KlI51079003; Thu, 8 Jun 2017 20:47:18 GMT (envelope-from jtl@FreeBSD.org) Message-Id: <201706082047.v58KlI51079003@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jtl set sender to jtl@FreeBSD.org using -f From: "Jonathan T. Looney" Date: Thu, 8 Jun 2017 20:47:18 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r319720 - head/sys/dev/vt X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Jun 2017 20:47:20 -0000 Author: jtl Date: Thu Jun 8 20:47:18 2017 New Revision: 319720 URL: https://svnweb.freebsd.org/changeset/base/319720 Log: With EARLY_AP_STARTUP enabled, we are seeing crashes in softclock_call_cc() during bootup. Debugging information shows that softclock_call_cc() is trying to execute the vt_consdev.vd_timer callout, and the callout structure contains a NULL c_func. This appears to be due to a race between vt_upgrade() running callout_reset() and vt_resume_flush_timer() calling callout_schedule(). Fix the race by ensuring that vd_timer_armed is always set before attempting to (re)schedule the callout. Discussed with: emaste MFC after: 2 weeks Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D9828 Modified: head/sys/dev/vt/vt_core.c Modified: head/sys/dev/vt/vt_core.c ============================================================================== --- head/sys/dev/vt/vt_core.c Thu Jun 8 20:41:28 2017 (r319719) +++ head/sys/dev/vt/vt_core.c Thu Jun 8 20:47:18 2017 (r319720) @@ -2610,10 +2610,17 @@ vt_upgrade(struct vt_device *vd) /* Init 25 Hz timer. */ callout_init_mtx(&vd->vd_timer, &vd->vd_lock, 0); - /* Start timer when everything ready. */ + /* + * Start timer when everything ready. + * Note that the operations here are purposefully ordered. + * We need to ensure vd_timer_armed is non-zero before we set + * the VDF_ASYNC flag. That prevents this function from + * racing with vt_resume_flush_timer() to update the + * callout structure. + */ + atomic_add_acq_int(&vd->vd_timer_armed, 1); vd->vd_flags |= VDF_ASYNC; callout_reset(&vd->vd_timer, hz / VT_TIMERFREQ, vt_timer, vd); - vd->vd_timer_armed = 1; register_handlers = 1; }