Re: PR/53998 CVS commit: src/sys/kern

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,joel.bertrand%systella.fr@localhost
Subject: Re: PR/53998 CVS commit: src/sys/kern
From: BERTRAND Joël <joel.bertrand%systella.fr@localhost>
Date: Mon, 25 Feb 2019 14:05:01 +0000 (UTC)

The following reply was made to PR kern/53998; it has been noted by GNATS.

From: =?UTF-8?Q?BERTRAND_Jo=c3=abl?= <joel.bertrand%systella.fr@localhost>
To: Christos Zoulas <christos%zoulas.com@localhost>, gnats-bugs%NetBSD.org@localhost,
        kern-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
        netbsd-bugs%netbsd.org@localhost
Cc: 
Subject: Re: PR/53998 CVS commit: src/sys/kern
Date: Mon, 25 Feb 2019 15:00:35 +0100

 This is a multi-part message in MIME format.
 --------------DCA37B7454E92FDAA76087C5
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 7bit
 
 	Christos,
 
 	I have applied bith patch (you will find in attachment patch against -8).
 
 	This patch partially fixes this PR as my test program can create more
 threads before first sem_init() failure. But I think there is another
 race condition somewhere in semaphore subsystem.
 
 	After sem_init() failure, there is no specific message in dmesg or logfile.
 
 	I don't understand why atomic_dec_uint(&nsems_total) or
 atomic_inc_uint(&nsems_total) are not protected by a lock.
 
 	Best regards,
 
 	JB
 
 --------------DCA37B7454E92FDAA76087C5
 Content-Type: text/x-patch;
  name="PR53998.patch"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
  filename="PR53998.patch"
 
 ? sys/arch/amd64/conf/CUSTOM
 Index: sys/kern/uipc_sem.c
 ===================================================================
 RCS file: /cvsroot/src/sys/kern/uipc_sem.c,v
 retrieving revision 1.47
 diff -u -r1.47 uipc_sem.c
 --- sys/kern/uipc_sem.c	31 Oct 2016 15:08:45 -0000	1.47
 +++ sys/kern/uipc_sem.c	25 Feb 2019 12:25:45 -0000
 @@ -374,7 +374,11 @@
  	kmem_free(ks, sizeof(ksem_t));
  
  	atomic_dec_uint(&nsems_total);
 - 	atomic_dec_uint(&curproc->p_nsems);	
 +	while((int)atomic_dec_uint_nv(&curproc->p_nsems) < 0) {
 +		printf("%s: pid=%d sem=%p negative refcount %u\n", __func__,
 +				curproc->p_pid, ks, curproc->p_nsems);
 +		atomic_inc_uint(&curproc->p_nsems);
 +	}
  }
  
  int
 Index: sys/sys/proc.h
 ===================================================================
 RCS file: /cvsroot/src/sys/sys/proc.h,v
 retrieving revision 1.340.6.1
 diff -u -r1.340.6.1 proc.h
 --- sys/sys/proc.h	12 Apr 2018 13:42:49 -0000	1.340.6.1
 +++ sys/sys/proc.h	25 Feb 2019 12:25:46 -0000
 @@ -314,7 +314,6 @@
  	pid_t 		p_vfpid_done;	/* :: vforked done pid */
  	lwpid_t		p_lwp_created;	/* :: lwp created */
  	lwpid_t		p_lwp_exited;	/* :: lwp exited */
 -	u_int		p_nsems;	/* Count of semaphores */
  
  /*
   * End area that is zeroed on creation
 @@ -335,7 +334,7 @@
  
  	vaddr_t		p_psstrp;	/* :: address of process's ps_strings */
  	u_int		p_pax;		/* :: PAX flags */
 -
 +	u_int		p_nsems;	/* Count of semaphores */
  	int		p_xexit;	/* p: exit code */
  /*
   * End area that is copied on creation
 
 --------------DCA37B7454E92FDAA76087C5--

Follow-Ups:
- Re: PR/53998 CVS commit: src/sys/kern
  - From: Christos Zoulas

Prev by Date: Re: PR/53998 CVS commit: src/sys/kern
Next by Date: Re: PR/53998 CVS commit: src/sys/kern
Previous by Thread: Re: PR/53998 CVS commit: src/sys/kern
Next by Thread: Re: PR/53998 CVS commit: src/sys/kern
Indexes:

Home | Main Index | Thread Index | Old Index