After discussions with jeff, alc, (various Ironport people), david Xu,
and mostly Alfred (who found the problem) it has been demonstrated that this
is not needed for our implementations of threads and represents a real
(as in we've seen it happen a lot) deadlock danger.
Several points:
Since forking multiple threads is not allowed, and posix states that
any mutexes owned by othre threads wilol be owned in the child by
phantom threads, and therads shouldn't ba accessing shared structures without
protection, It can be proved that if this leads to the child process accessing
inconsistent data, it's a programming error.
The mode of thread_single() being used in fork() is the wrong one.
It is using SINGLE_NO_EXIT when it should be using SINGLE_BOUNDARY.
Even if this we used, System processes have no need to do it as they have
no userland to get inconsistent.
This commmit first fixes the above bugs to get tehm correct in CVS.
then removes them with #ifdef.
This is so that history contains the corrected version should it
be needed in the future.
This code may be needed if we implement the forkall() syscall from
Solaris. It may be needed for other non-posix thread libraries
at some time in the future, so let the code sit for a short while
while I do some work on it anyhow.
This removes a reproducible lockup in NFS.
It may be argued that maybe doing a fork while holding a vnode lock may
not be the best idea in th efirst place but it shouldn't cause a deadlock.
The removal has been running under soak test for several days now.
This removal should be seriously considered for 7.0 and RELENG_6.
Note. There is code in the core-dumping code that may have a similar problem
with coredumping threaded processes
MFC After: 4 days
the ones mentioned in its log message:
For mount-update from rw to ro:
- don't misuse the MNT_FORCE flag to break error handling for mark volume
to clean.
- mark volume back to dirty if g_access() failed (not just if mark volume
to clean failed).
- clear pm_fmod on success. pm_fmod is bogus, since it is only used to
cause a panic in unreachable code when we forgot to clear it here, but
something like it will be needed.
For mount-update from rw to ro and from ro to rw:
- don't forget to lock mp when changing mp->mnt_flag. Giant locking
may make this unnecessary, but it is simpler to copy what ffs does.
Most of the style changes are near here, to copy ffs's cleaner code.
For unmount:
- don't misuse the MNT_FORCE flag to break error handling for mark volume
to clean. Failure of markvoldirty() is similar to failure of
ffs_subupdate() in ffs, and ffs has never used MNT_FORCE to ignore
the corresponding error. MNT_FORCE for unmount _should_ force the
unmount to succeed, but forcing away of write errors has never been
supported.
- explicitly return 0 instead of `error' in msdosfs_unmount() after
committing to success. This is now just a style fix. With errors from
markvoldirty() ignored in the MNT_FORCE case, any error in markvoldirty()
caused a nonzero `error' to be returned despite committing to success.
Upper layers soon paniced trying to back out of the committed unmount.
This bug used to be present in another form in most file systems.
VOP_CLOSE() was called after committing to success, so it was necessary
to force the VOP_CLOSE() to succeed. This was not done; instead,
VOP_CLOSE()'s error code was returned to upper layers so upper layers
soon paniced if VOP_CLOSE() failed. I saw this panic only with a buggy
device driver with a missing close method, but VOP_CLOSE() can easily
fail in theory, with errors like EDQUOT and EIO for unwriteable output.
Now the bug has moved. g_vfs_close() is called instead of VOP_CLOSE(),
and it returns void so unmount vops cannot even detect errors in it.
Hopefully, errors in it only occur when there are other bugs. E.g.,
with the MNT_FORCE bug in msdosfs_close(), when markvoldirty() in
umount failed due to the bugs in mount-update, and when this was the
only write error, g_vfs_close() was reached despite the write error
being detected earlier; it found one unwriteable buffer which it can
only report via printf; then after fixing the panic, umount(2)
"succeeded" but the unwriteable buffer was left in the buffer cache
and/or VMIO object to spam the console with printfs about failed
write attempts, until the next rw mount when the write succeeds,
possibly clobbering different media.
kern/sched_ule.c - Add __powerpc__ to the list of supported architectures
powerpc/conf/GENERIC - Swap SCHED_4BSD with SCHED_ULE
powerpc/powerpc/genassym.c - Export TD_LOCK field of thread struct
powerpc/powerpc/swtch.S - Handle new 3rd parameter to cpu_switch() by
updating the old thread's lock. Note: uniprocessor-only, will require
modification for MP support.
powerpc/powerpc/vm_machdep.c - Set 3rd param of cpu_switch to mutex of
old thread's lock, making the call a no-op.
Reviewed by: marcel, jeffr (slightly older version)
a module was loaded might make the pathname inaccurate.
I wonder if an inode reference should be stored with the pathname
to allow a validity check?
Suggested by: rwatson@
Specifically, if two threads were doing concurrent lookups and the existing
gateway was marked down, the the first thread would drop a reference on the
gateway route and then unlock the "root" route while it tried to allocate
a new route. The second thread could then also drop a reference on the
same gateway route resulting in a reference underflow. Fix this by
clearing the gateway route pointer after dropping the reference count but
before dropping the lock. Secondly, in this same case, the second thread
would overwrite the gateway route pointer w/o free'ing a reference to the
route installed by the first thread. In practice this would probably just
fix a lost reference that would result in a route never being freed.
This fixes panics observed in rt_check() and rtexpunge().
MFC after: 1 week
PR: kern/112490
Insight from: mehuljv at yahoo.com
Reviewed by: ru (found the "not-setting it to NULL" part)
Tested by: several
- markvoldirty() needs to write to underlying GEOM provider. We
have to do that *before* g_access() which sets the GEOM provider
to read-only.
- Remove dirty flag before free'ing iconv related resources. The
dirty flag removal could fail, and it is hard to revert the
iconv-free after the fail.
- Mark volume as dirty if we have failed to mark it clean for safe.
- Other style fixes to the touched functions.
threading library.
- Now that libpthread is a symlink, it's no longer possible
to link applications with libpthread and have libmap.conf(5)
select the desired threading library; applications will be
linked to the default threading library, libkse or libthr.
Remove an obsolete paragraph.
- Mention that improvements can be seen compared to libkse.
Reviewed by: deischen, davidxu
so that when using named from the ports (or elsewhere) the proper rndc*
commands will be run.
2. Rework the stop routine using ideas from brooks and delphij.
Specifically I am duplicating a lot of code from rc.subr's stop routine
so that this one will behave more like the one in rc.subr, but use rndc
to kill the daemon (or regular kill if that fails). This also avoids
the problems related to using killall if rndc fails, which is bad if
you're running more than one named on the same box.
3. Take a concept from gshapiro and allow the rndc.key file to be
owned by root OR the named_uid user.
Although I used different solutions, this commit handles issues raised in:
PR: conf/73929
PR: conf/103976
PR: conf/109409
cache: vnode_pager_setsize() must handle the case where a file is
truncated to a non-page-size-aligned boundary and there is a cached
page underlying the new end of file.
Reported by: kris, tegge
Tested by: kris
MFC after: 3 days
since revision 1.1. Specifically, neither traversal of the vm map checks
whether the end of the vm map has been reached. Consequently, the first
traversal can wrap around and bogusly return an error.
This error has gone unnoticed for so long because no one had ever before
tried msync(2)ing a region above the stack.
Reported by: peter
MFC after: 1 week
for kldstat(2).
This allows libdtrace to determine the exact file from which
a kernel module was loaded without having to guess.
The kldstat(2) API is versioned with the size of the
kld_file_stat structure, so this change creates version 2.
Add the pathname to the verbose output of kldstat(8) too.
MFC: 3 days
aligned, GCC 4.2.1 also generates code for sendudp() that assumes
this alignment. GCC 4.2.1 however doesn't 32-bit align wbuf, causing
the loader to crash due to an unaligned access of wbuf in sendudp()
when netbooting sparc64. Solve this by specifying wbuf as packed and
32-bit aligned, too. As for lastdata and readudp() this currently is
no issue when compiled with GCC 4.2.1, though give lastdata the same
treatment as wbuf for consistency and possibility of being affected
in the future. [1]
- Sprinkle const on a lookup table.
Reported by: marcel [1]
Submitted by: yongari [1]
Reviewed by: marcel [1]
MFC after: 5 days
to kproc_xxx as they actually make whole processes.
Thos makes way for us to add REAL kthread_create() and friends
that actually make theads. it turns out that most of these
calls actually end up being moved back to the thread version
when it's added. but we need to make this cosmetic change first.
I'd LOVE to do this rename in 7.0 so that we can eventually MFC the
new kthread_xxx() calls.
optimization level (-march=pentium-mmx for example) does not insert
intermediate ops which would trash the carry.
Change both sys/i386/i386/in_cksum.c[1] and sys/i386/include/in_cksum.h.
To my best understanding the same problem was addressed in rev. 1.16
of src/sys/i386/include/in_cksum.h for just a single function 3y ago.
Reviewed by: jhb
Submitted by: Zhouyi ZHOU <zhouzhouyi FreeBSD.org> (intial version of [1])
MFC after: 5 days
PR: 115678, 69257
test MK_INSTALLLIB, users can set WITHOUT_INSTALLLIB. The old
NO_INSTALLLIB is still supported as several makefiles set it.
- While here, fix an install when instructed not to install libs
(usr.bin/lex/lib/Makefile).
PR: bin/114200
Submitted by: Henrik Brix Andersen
-h bindip
Specify specific IP addresses to bind to for TCP and UDP requests.
This option may be specified multiple times. If no -h option is
specified, mountd will bind to INADDR_ANY. Note that when specifying
IP addresses with -h, mountd will automatically add 127.0.0.1 and if
IPv6 is enabled, ::1 to the list.
PR: bin/114097
Reviewed by: pjd (an eariler version of the patch)
MFC after: 1 week