git: kernel - Fix callout race and panic

Sun Aug 20 17:25:35 PDT 2017

commit 5596130dd4d89a15b19e1b2afd63c545942e89b2
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Sun Aug 20 17:09:27 2017 -0700

    kernel - Fix callout race and panic
    
    * Fix race (found by ivadasz) related to the IPI/WAIT code unblocking
      before the IPI is able to finish adjusting the knode and callout.
      The wait code was only waiting for the IPI counter to reach 0 via
      IPI_MASK, it also had to wait for the ARMED bit to get cleared.
    
    * Avoid retesting c->c_flags to handle WAITING bit change races.  Instead,
      fully integrate the test-and-clear of the WAITING bit into
      callout_unpend_disarm().
    
    * Fix an issue where callout_terminate() fails to IPI the remote cpu
      due to the function dispatch code clearing the ARMED bit.  No
      longer clear the ARMED bit.  This ensures that a termination or stop
      waits for the callout to return.
    
      This change means that synchronous callout operations to other cpus will
      be more expensive.  However, the kernel generally does not do cross-cpu
      callouts any more so its generally non-problem.
    
    * Remove the now unused callout_maybe_clear_armed() inline.
    
    * Also clear kn->kn_hook for EVFILT_TIMER when removing a callout, as
      a safety.
    
    Reported-by: ivadasz (Imre Vadasz)

Summary of changes:
 sys/kern/kern_event.c   |  2 +-
 sys/kern/kern_timeout.c | 72 ++++++++++++++++++++++++++++---------------------
 2 files changed, 42 insertions(+), 32 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/5596130dd4d89a15b19e1b2afd63c545942e89b2


-- 
DragonFly BSD source repository