From owner-svn-src-stable-10@freebsd.org Fri Oct 13 22:40:58 2017 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 48C8FE2F04B; Fri, 13 Oct 2017 22:40:58 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 168CB779CE; Fri, 13 Oct 2017 22:40:58 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9DMevQb045892; Fri, 13 Oct 2017 22:40:57 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9DMev9g045891; Fri, 13 Oct 2017 22:40:57 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <201710132240.v9DMev9g045891@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f From: John Baldwin Date: Fri, 13 Oct 2017 22:40:57 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r324612 - in stable: 10/sys/ufs/ffs 11/sys/ufs/ffs X-SVN-Group: stable-10 X-SVN-Commit-Author: jhb X-SVN-Commit-Paths: in stable: 10/sys/ufs/ffs 11/sys/ufs/ffs X-SVN-Commit-Revision: 324612 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Oct 2017 22:40:58 -0000 Author: jhb Date: Fri Oct 13 22:40:57 2017 New Revision: 324612 URL: https://svnweb.freebsd.org/changeset/base/324612 Log: MFC 324039: Don't defer wakeup()s for completed journal workitems. Normally wakeups() are performed for completed softupdates work items in workitem_free() before the underlying memory is free()'d. complete_jseg() was clearing the "wakeup needed" flag in work items to defer the wakeup until the end of each loop iteration. However, this resulted in the item being free'd before it's address was used with wakeup(). As a result, another part of the kernel could allocate this memory from malloc() and use it as a wait channel for a different "event" with a different lock. This triggered an assertion failure when the lock passed to sleepq_add() did not match the existing lock associated with the sleep queue. Fix this by removing the code to defer the wakeup in complete_jseg() allowing the wakeup to occur slightly earlier in workitem_free() before free() is called. Modified: stable/10/sys/ufs/ffs/ffs_softdep.c Directory Properties: stable/10/ (props changed) Changes in other areas also in this revision: Modified: stable/11/sys/ufs/ffs/ffs_softdep.c Directory Properties: stable/11/ (props changed) Modified: stable/10/sys/ufs/ffs/ffs_softdep.c ============================================================================== --- stable/10/sys/ufs/ffs/ffs_softdep.c Fri Oct 13 21:58:44 2017 (r324611) +++ stable/10/sys/ufs/ffs/ffs_softdep.c Fri Oct 13 22:40:57 2017 (r324612) @@ -3594,15 +3594,13 @@ complete_jseg(jseg) { struct worklist *wk; struct jmvref *jmvref; - int waiting; #ifdef INVARIANTS int i = 0; #endif while ((wk = LIST_FIRST(&jseg->js_entries)) != NULL) { WORKLIST_REMOVE(wk); - waiting = wk->wk_state & IOWAITING; - wk->wk_state &= ~(INPROGRESS | IOWAITING); + wk->wk_state &= ~INPROGRESS; wk->wk_state |= COMPLETE; KASSERT(i++ < jseg->js_cnt, ("handle_written_jseg: overflow %d >= %d", @@ -3643,8 +3641,6 @@ complete_jseg(jseg) TYPENAME(wk->wk_type)); /* NOTREACHED */ } - if (waiting) - wakeup(wk); } /* Release the self reference so the structure may be freed. */ rele_jseg(jseg);