Re: fd code multithreaded race?

To: tech-kern%netbsd.org@localhost
Subject: Re: fd code multithreaded race?
From: Antti Kantee <pooka%cs.hut.fi@localhost>
Date: Mon, 2 Aug 2010 19:04:45 +0300

On Sat Jul 31 2010 at 20:31:19 +0300, Antti Kantee wrote:
> Hi,
> 
> I'm looking at a KASSERT which is triggering quite rarely for me (in
> terms of iterations):
> 
> panic: kernel diagnostic assertion "dt->dt_ff[i]->ff_refcnt == 0" failed: 
> file 
> "/usr/allsrc/src/sys/rump/librump/rumpkern/../../../kern/kern_descrip.c", 
> line 856
> 
> Upon closer examination, it seems that this can trigger while another
> thread is in fd_getfile() between upping the refcount, testing for
> ff_file, and fd_putfile().  Removing the KASSERT seems to restore correct
> operation, but I didn't read the code far enough to see where the race
> is actually handled and what stops the code from using the wrong file.
> 
> How-to-repeat:
> Run tests/fs/puffs/t_fuzz mountfuzz7 in a loop.  A multiprocessor kernel
> might produce a more reliable result, so set RUMP_NCPU unless you have
> a multiprocessor host.  Depending on timings and how the get/put thread
> runs, you might even see the refcount as 0 in the core.
> 
> Does anyone see something wrong with the analysis?  If not, I'll create
> a dedidated test and file a PR.

kern/43694, tests/kernel/t_filedesc

References:
- fd code multithreaded race?
  - From: Antti Kantee

Prev by Date: Re: Modules loading modules?
Next by Date: re: Modules loading modules?
Previous by Thread: fd code multithreaded race?
Next by Thread: Re: fd code multithreaded race?
Indexes:

Home | Main Index | Thread Index | Old Index