Date:      Tue, 9 Sep 2008 14:27:53 -0400
From:      John Baldwin <jhb@freebsd.org>
To:        Robert Watson <rwatson@freebsd.org>
Cc:        cvs-src@freebsd.org, src-committers@freebsd.org, cvs-all@freebsd.org
Subject:   Re: cvs commit: src/sys/kern subr_turnstile.c
Message-ID:  <200809091427.53834.jhb@freebsd.org>
In-Reply-To: <alpine.BSF.1.10.0809091108100.66707@fledge.watson.org>
References:  <200809082140.m88LeNJW085481@repoman.freebsd.org> <alpine.BSF.1.10.0809091108100.66707@fledge.watson.org>

On Tuesday 09 September 2008 06:09:34 am Robert Watson wrote:
> On Mon, 8 Sep 2008, John Baldwin wrote:
> 
> >  SVN rev 182879 on 2008-09-08 21:40:15Z by jhb
> >
> >  - Reduce scope of #ifdef's in uma_zcreate() call in init_turnstile0().
> >  - Set UMA_ZONE_NOFREE so that the per-turnstile spin locks are type stable
> >    to avoid a race where one thread might dereference a lock in a free'd
> >    turnstile that was previously used by another thread.
> 
> Is this a feature or a workaround for a bug?  Normally in the above scenario 
> we would consider use-after-free a bug or symptom of a larger architectural 
> problem rather than a feature.  At least, that's what I consider similar use 
> of UMA_ZONE_NOFREE where it persists in the network stack :-).

Well, it's a workaround for the fact that the way thread_lock works is it 
tries to acquire what it thinks is the current lock for a given thread.  Once 
it has that lock, then it checks to see if the thread has switched to a 
different lock.  If so, it drops the lock it has and tries to get the "new" 
lock.  Anytime you lose this race, you can end up holding a lock that isn't 
necessarily associated with the thread anymore.  For that reason, locks used 
as thread locks should generally be type-stable.  Most of the locks used as 
thread locks are in static data structures (runqueues, sleepq hash table 
buckets, the global "blocked lock", etc.) so they are already type-stable.  
The turnstile locks are the one case where locks used as thread locks are 
dynamically allocated IIRC.

-- 
John Baldwin
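
The acquire-then-recheck behaviour described in the reply above, as an added user-space C model that is not part of the original message and is not FreeBSD's code. All names (`thread_lock_model`, `cur_lock`, `race_window`, the two static locks) are assumptions of this example; the hook forces the lost race deterministically so the stale-lock access is visible.

```c
#include <stdatomic.h>
#include <stdbool.h>

/* Toy spin lock standing in for a kernel spin mutex (model only). */
struct lock { atomic_bool held; int acquisitions; };
/* A thread points at whichever lock currently protects it. */
struct thread { struct lock *_Atomic cur_lock; };

/* Hypothetical hook: runs between reading cur_lock and acquiring it,
 * standing in for another CPU moving the thread to a different lock. */
static void (*race_window)(struct thread *);
static void lock_acquire(struct lock *l) {
    while (atomic_exchange(&l->held, true)) { /* spin */ }
    l->acquisitions++;
}
static void lock_release(struct lock *l) { atomic_store(&l->held, false); }

/* Acquire-then-recheck loop; returns the lock held on return. */
struct lock *thread_lock_model(struct thread *td) {
    for (;;) {
        struct lock *l = atomic_load(&td->cur_lock);
        if (race_window) race_window(td);
        lock_acquire(l);  /* writes *l even if td moved on: *l must still be a lock */
        if (l == atomic_load(&td->cur_lock))
            return l;
        lock_release(l);  /* lost the race: drop the stale lock and retry */
    }
}

/* Constructed scenario: static storage plays the never-freed zone. */
static struct lock turnstile_lock, runq_lock;
static void migrate_once(struct thread *td) {
    race_window = 0;                          /* fire a single time */
    atomic_store(&td->cur_lock, &runq_lock);
}

/* Returns 1 if the loser briefly took the stale lock, then the new one. */
int demo_lost_race(void) {
    struct thread td;
    int before = turnstile_lock.acquisitions;
    atomic_init(&td.cur_lock, &turnstile_lock);
    race_window = migrate_once;
    struct lock *got = thread_lock_model(&td);
    int ok = got == &runq_lock && !atomic_load(&turnstile_lock.held) &&
        turnstile_lock.acquisitions == before + 1;
    lock_release(got);
    return ok;
}
int main(void) { return demo_lost_race() ? 0 : 1; }
```

The stale acquisition counted on `turnstile_lock` is the access that only stays safe while that memory is still a lock, which is the property the commit gets from `UMA_ZONE_NOFREE`.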


