From owner-freebsd-hackers  Fri Jan 11 13:26:34 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from hoth.ffwd.cx (hoth.ffwd.cx [216.187.116.122])
	by hub.freebsd.org (Postfix) with ESMTP id 39EDD37B404
	for <freebsd-hackers@freebsd.org>; Fri, 11 Jan 2002 13:26:22 -0800 (PST)
Received: from skye by hoth.ffwd.cx with local (Exim 3.13 #1)
	id 16P9Bn-0009YZ-00
	for freebsd-hackers@freebsd.org; Fri, 11 Jan 2002 13:26:15 -0800
Date: Fri, 11 Jan 2002 13:26:15 -0800
From: Skye Poier <skye@ffwd.cx>
To: FreeBSD 31337 H4X0RZ <freebsd-hackers@freebsd.org>
Subject: Possible problem with timeouts?
Message-ID: <20020111132615.A36583@ffwd.cx>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
X-URL: http://www.ffwd.cx/
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Hello Hackers,

While doing an audit of the timer code in FreeBSD's kernel one of our
developers came across a theoretical bug and I thought I'd run it by the
gurus on this list before we hack around it.

It seems that it is possible to call untimeout and then have your timer
called immediately thereafter. However, we haven't actually seen this in
practice, this is a theoretical bug. If this is indeed the case, it will
break lots of our code (misunderstood semantics..)

If you look at softclock, you will see that the callout_lock mutex is
released after we have decided on the callback to call next, but right
before we actually call it. Theoretically, the following seems possible:

    callout thread          our kern thread
    --------------          ---------------
                            acquire Giant
                            try to acquire callout_lock
    choose callout
    release callout_lock
    try to acquire Giant
                            remove callout
                            release callout_lock
                            release Giant
                            untimeout returns
                            caller removes resource callout needs
    acquire Giant
    call callout
    BIG TROUBLE FOR MOOSE
    AND SQUIRREL

With these semantics, things get severely broken, because there's no
reliable way to clean up after timeouts except to just never call
untimeout and have the timeouts themselves realize they have been
cancelled.

Now, its possible that this has been fixed since we took a snapshot of
-current way back around Feb/Mar 2001.  

If anyone has some insight into this it would be much appreciated.  I
have a second question around softclock but I'll save it for later..

Thanks,
Skye Poier

--
"Natural Gas. It sure gives you some ideas!" - Space Ghost
[ www.ffwd.cx ] ffwd internet division

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message