Revert part of r300109.

The removal of TAILQ_FOREACH_SAFE introduced a small race: when the last thread on a sleepqueue is awoken, it reclaims the sleepqueue and may begin executing on a different CPU before sleepq_resume_thread() returns. This leaves a window during which it may go back to sleep and incorrectly be awoken again by the caller of sleepq_broadcast(). Reported and tested by: pho MFC after: 3 days Sponsored by: Dell EMC Isilon
svn path=/head/; revision=310423
2016-12-22 17:51:44 +00:00 · 2016-12-22 17:51:44 +00:00 · aa3c544349 · 2020-12-20 02:59:44 +00:00
commit aa3c544349
parent 57a9273f93
1 changed files with 2 additions and 2 deletions
--- a/sys/kern/subr_sleepqueue.c
+++ b/sys/kern/subr_sleepqueue.c
@ -880,7 +880,7 @@ int
 sleepq_broadcast(void *wchan, int flags, int pri, int queue)
 {
 	struct sleepqueue *sq;
-	struct thread *td;
+	struct thread *td, *tdn;
 	int wakeup_swapper;

 	CTR2(KTR_PROC, "sleepq_broadcast(%p, %d)", wchan, flags);
@ -894,7 +894,7 @@ sleepq_broadcast(void *wchan, int flags, int pri, int queue)

 	/* Resume all blocked threads on the sleep queue. */
 	wakeup_swapper = 0;
-	while ((td = TAILQ_FIRST(&sq->sq_blocked[queue])) != NULL) {
+	TAILQ_FOREACH_SAFE(td, &sq->sq_blocked[queue], td_slpq, tdn) {
 		thread_lock(td);
 		wakeup_swapper |= sleepq_resume_thread(sq, td, pri);
 		thread_unlock(td);