From dd776f45931864d3dc83296ed205d25c77f3875e Mon Sep 17 00:00:00 2001 From: "Jonathan T. Looney" Date: Thu, 8 Jun 2017 20:47:18 +0000 Subject: [PATCH] With EARLY_AP_STARTUP enabled, we are seeing crashes in softclock_call_cc() during bootup. Debugging information shows that softclock_call_cc() is trying to execute the vt_consdev.vd_timer callout, and the callout structure contains a NULL c_func. This appears to be due to a race between vt_upgrade() running callout_reset() and vt_resume_flush_timer() calling callout_schedule(). Fix the race by ensuring that vd_timer_armed is always set before attempting to (re)schedule the callout. Discussed with: emaste MFC after: 2 weeks Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D9828
---
 sys/dev/vt/vt_core.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/sys/dev/vt/vt_core.c b/sys/dev/vt/vt_core.c
index 47eafdc0a3b..3c572e05634 100644
--- a/sys/dev/vt/vt_core.c
+++ b/sys/dev/vt/vt_core.c
@@ -2610,10 +2610,17 @@ vt_upgrade(struct vt_device *vd)
 /* Init 25 Hz timer. */
 callout_init_mtx(&vd->vd_timer, &vd->vd_lock, 0);
- /* Start timer when everything ready. */
+ /*
+ * Start timer when everything ready.
+ * Note that the operations here are purposefully ordered.
+ * We need to ensure vd_timer_armed is non-zero before we set
+ * the VDF_ASYNC flag. That prevents this function from
+ * racing with vt_resume_flush_timer() to update the
+ * callout structure.
+ */
+ atomic_add_acq_int(&vd->vd_timer_armed, 1);
 vd->vd_flags |= VDF_ASYNC;
 callout_reset(&vd->vd_timer, hz / VT_TIMERFREQ, vt_timer, vd);
- vd->vd_timer_armed = 1;
 register_handlers = 1;
 }
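Review bot: The added `atomic_add_acq_int(&vd->vd_timer_armed, 1)` increments the flag rather than setting it, so it ends up as 1 only if it was 0 on entry, whereas the removed line stored 1 unconditionally. If vt_upgrade() can reach this point with the flag already non-zero (its callers and vt_resume_flush_timer() are outside the hunk, so this is unconfirmed), the value becomes 2. Any code that tests or compare-and-swaps against exactly 1 would then stop matching and the callout state could drift again, which is the class of failure this commit sets out to close. Either state the precondition in the new comment, e.g. `* vd_timer_armed is expected to be 0 on entry.`, or make the step idempotent with `atomic_cmpset_acq_int(&vd->vd_timer_armed, 0, 1);`, which keeps the acquire ordering ahead of the VDF_ASYNC store. The body of vt_upgrade() starts before and continues after this hunk.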