NetBSD-Bugs archive
lib/44679: libpuffs leaks cc
>Number: 44679
>Category: lib
>Synopsis: libpuffs leaks cc
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: lib-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Mar 04 10:00:01 +0000 2011
>Originator: YAMAMOTO Takashi
>Release: NetBSD current
>Organization:
>Environment:
>Description:
[ reminder to myself and pooka ]
the main loop starts with cc-A.
theloop -> framev_input -> gotfb -> ml_dispatch -> fs vector -> cc_yield
cc_yield jumps to theloop with newly allocated cc, cc-B.
it clears MLCONT for cc-A.
someone (say cc-B) cc_schedule cc-A.
cc-B runs the loop and picks the scheduled cc-A and puffs__goto to it.
it sets BORROWED flag on cc-A.
cc-A finishes the fs vector. BORROWED flag makes it call cc_yield.
it jumps back to cc-B.
now cc-B continues to run theloop. cc-A is never destroyed.
>How-To-Repeat:
>Fix:
the following patch fixes the problem for my workload.
i don't know if it is safe for other uses of puffs__goto
in framebuf.c.
Index: callcontext.c
===================================================================
RCS file: /cvsroot/src/lib/libpuffs/callcontext.c,v
retrieving revision 1.25
diff -u -p -r1.25 callcontext.c
--- callcontext.c 4 Mar 2011 09:47:47 -0000 1.25
+++ callcontext.c 4 Mar 2011 09:49:39 -0000
@@ -78,6 +78,14 @@ puffs_cc_yield(struct puffs_cc *pcc)
assert(puffs_fakecc == 0);
+ if ((~pcc->pcc_flags & (PCC_BORROWED|PCC_DONE)) == 0) {
+ pcc->pcc_flags &= ~(PCC_BORROWED|PCC_DONE);
+ /*
+ * see the XXX comment in puffs__cc_cont
+ */
+ puffs__cc_destroy(pcc, 1);
+ setcontext(&pcc->pcc_uc_ret);
+ }
pcc->pcc_flags &= ~PCC_BORROWED;
/* romanes eunt domus */
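Review bot: in the added block, `setcontext(&pcc->pcc_uc_ret);` dereferences `pcc` on the line immediately after `puffs__cc_destroy(pcc, 1);`, so the change is only correct if destroy called with a second argument of 1 leaves the structure and its saved return context usable. The comment defers to an XXX in puffs__cc_cont instead of saying so; please state that lifetime assumption here, including what the 1 selects, so a later change to the destroy path does not turn this into a use after free. If `setcontext` fails it returns, and execution falls through to `pcc->pcc_flags &= ~PCC_BORROWED;` on an already destroyed pcc; an abort or assert after the call would make that failure visible. The test `(~pcc->pcc_flags & (PCC_BORROWED|PCC_DONE)) == 0` is easier to read as a comparison of the masked flags against `(PCC_BORROWED|PCC_DONE)`. Since the report leaves open whether this is safe for the other puffs__goto users in framebuf.c, those callers should be checked for reaching puffs_cc_yield with both flags set before this goes in.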
>Unformatted: