callout: Wait for the softclock thread to switch before rescheduling
Closed (Public)

Authored by markj on Dec 31 2021, 5:02 PM.

Details

Summary

When a softclock thread prepares to go off-CPU, the following happens in
the context of the thread:

  1. callout state is locked
  2. thread state is set to IWAIT
  3. thread lock is switched from the tdq lock to the callout lock
  4. tdq lock is released
  5. sched_switch() sets td_lock to &blocked_lock
  6. sched_switch() releases old td_lock (callout lock)
  7. sched_switch() removes td from its runqueue
  8. cpu_switch() sets td_lock back to the callout lock

Suppose a timer interrupt fires while the softclock thread is switching
off, and callout_process() schedules the softclock thread. Then there
is a window where callout_process() can call sched_add() while td_lock
is &blocked_lock, but this is not permitted since the thread is not
logically locked.

callout_process() needs to spin waiting for the softclock thread to
finish switching off (i.e., after step 8 completes) before rescheduling
it.

Reported by: syzbot+fb44dbf6734ff492c337@syzkaller.appspotmail.com
Fixes: 74cf7cae4d22 ("softclock: Use dedicated ithreads for running callouts.")
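
The window described in the summary, as an added userspace model in C; it is not part of this revision or of the FreeBSD sources. The function names echo the summary, but `struct model`, `switch_step()`, `count_violations()` and all bodies are hypothetical, and the model assumes the interrupt path gets the callout lock as soon as step 6 releases it.

```c
#include <stdbool.h>
#include <stdio.h>
/* Userspace model; names follow the summary, bodies are illustrative only. */
static int tdq_lock, callout_lock, blocked_lock;   /* lock identities */
static bool callout_held;                          /* callout lock owned? */
struct model { const int *td_lock; bool iwait; int step; };

/* Apply the next step (1-8) of the softclock thread's switch-off. */
static void switch_step(struct model *m)
{
    switch (++m->step) {
    case 1: callout_held = true; break;          /* callout state locked */
    case 2: m->iwait = true; break;              /* thread state = IWAIT */
    case 3: m->td_lock = &callout_lock; break;   /* tdq lock -> callout lock */
    case 5: m->td_lock = &blocked_lock; break;   /* sched_switch() */
    case 6: callout_held = false; break;         /* old td_lock released */
    case 8: m->td_lock = &callout_lock; break;   /* cpu_switch() */
    default: break;   /* steps 4 and 7 do not change the modelled fields */
    }
}

/* Interrupt path: false means sched_add() would run while td_lock is still
 * &blocked_lock. Its own hold of the callout lock is not modelled. */
static bool callout_process(struct model *m, bool wait_for_switch)
{
    while (callout_held)
        switch_step(m);     /* spin for the callout lock (free after step 6) */
    while (wait_for_switch && m->iwait && m->td_lock == &blocked_lock)
        switch_step(m);     /* spin until step 8 has completed */
    return !m->iwait || m->td_lock == &callout_lock;
}

/* Count the interrupt arrival points (after step 0..8) that hit the window. */
static int count_violations(bool wait_for_switch)
{
    int bad = 0;
    for (int k = 0; k <= 8; k++) {
        struct model m = { &tdq_lock, false, 0 };
        while (m.step < k)
            switch_step(&m);
        bad += !callout_process(&m, wait_for_switch);
    }
    return bad;
}

int main(void)
{
    printf("no wait: %d, wait: %d\n", count_violations(false), count_violations(true));
    return 0;
}
```

In this model every arrival between step 1 and step 7 ends up observing `&blocked_lock` unless the interrupt path waits for step 8.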

Diff Detail

Repository: rG FreeBSD src repository

Event Timeline

markj requested review of this revision. (Dec 31 2021, 5:02 PM)
markj created this revision.
This revision is now accepted and ready to land. (Dec 31 2021, 5:19 PM)

Thanks, was just debugging this. I guess the fact that ithreads still don't use a real thread lock is what threw me off.