From 9b0cd8e797f5b53894a96e875a71b3c49b59c829 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 10 Oct 2021 10:09:54 +0000 Subject: [PATCH 1/3] audio(9): Call hw_if->getdev without sc_lock. Holding sc_lock is not necessary -- I reviewed all ~70 cases in-tree, and none of them rely on state protected by sc_lock. Essentially everything just copies from static data or data initialized at attach time. (Exceptions: tms320av110.c issues a bus_space_read_1, but I don't see any reason why that needs to be serialized; and uaudio.c reads from sc_dying, but that's not necessary and also not protected by sc_lock anyway.) Holding sc_lock is harmful because at least hdafg(4) can trigger module autoload that leads to pserialize_perform, which waits for logic to run at softint serial on all CPUs; at the same time, audio_softintr_rd/wr run at softint serial and take sc_lock, so this leads to deadlock. --- sys/dev/audio/audio.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/sys/dev/audio/audio.c b/sys/dev/audio/audio.c index 23782d26496d..c13b07f272b6 100644 --- a/sys/dev/audio/audio.c +++ b/sys/dev/audio/audio.c @@ -114,7 +114,7 @@ * halt_output x x + * halt_input x x + * speaker_ctl x x - * getdev - x + * getdev - - * set_port - x + * get_port - x + * query_devinfo - x @@ -3113,9 +3113,7 @@ audio_ioctl(dev_t dev, struct audio_softc *sc, u_long cmd, void *addr, int flag, break; case AUDIO_GETDEV: - mutex_enter(sc->sc_lock); error = sc->hw_if->getdev(sc->hw_hdl, (audio_device_t *)addr); - mutex_exit(sc->sc_lock); break; case AUDIO_GETENC: @@ -8291,9 +8289,7 @@ mixer_ioctl(struct audio_softc *sc, u_long cmd, void *addr, int flag, case AUDIO_GETDEV: TRACE(2, "AUDIO_GETDEV"); - mutex_enter(sc->sc_lock); error = sc->hw_if->getdev(sc->hw_hdl, (audio_device_t *)addr); - mutex_exit(sc->sc_lock); break; case AUDIO_MIXER_DEVINFO: From 84cb80dee5100ce701724ff24688f38a42c1a5d9 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 10 Oct 2021 10:16:33 +0000 Subject: [PATCH 2/3] pserialize(9): Lift rule that pserialize_perform be serialized. There may have been a technical reason for this back when we were following the expired passive serialization patent to the letter, but no more -- and this is a real burden for some applications. --- share/man/man9/pserialize.9 | 12 +++++++----- sys/kern/subr_pserialize.c | 12 ++---------- 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/share/man/man9/pserialize.9 b/share/man/man9/pserialize.9 index 75bd3fa85d61..f6669c306aab 100644 --- a/share/man/man9/pserialize.9 +++ b/share/man/man9/pserialize.9 @@ -67,9 +67,10 @@ Takes the IPL value returned by .It Fn pserialize_perform Perform the passive serialization on the writer side. Passing of this function ensures that no readers are in action. -Writers must be additionally serialized with a separate mechanism, -e.g. -.Xr mutex 9 . +Writers are typically additionally serialized with a separate +mechanism, e.g. +.Xr mutex 9 , +to remove objects used by readers from a published list. Operation blocks and it may only be performed from thread context. .El .\" ----- @@ -152,14 +153,15 @@ readers: break; } } + mutex_exit(&frobbotzim.lock); + /* * Wait for all existing readers to complete. New readers will * not see f because the list no longer points to it. */ pserialize_perform(frobbotzim.psz); - /* Now nobody else can be touching f, so it is safe to free. */ - mutex_exit(&frobbotzim.lock); + /* Now nobody else can be touching f, so it is safe to free. */ if (f != NULL) pool_put(&frotz_pool, f); .Ed diff --git a/sys/kern/subr_pserialize.c b/sys/kern/subr_pserialize.c index 48424385cf77..249c9c58f16c 100644 --- a/sys/kern/subr_pserialize.c +++ b/sys/kern/subr_pserialize.c @@ -43,7 +43,7 @@ __KERNEL_RCSID(0, "$NetBSD: subr_pserialize.c,v 1.17 2019/12/05 03:21:29 riastra #include struct pserialize { - lwp_t * psz_owner; + char psz_dummy; }; static kmutex_t psz_lock __cacheline_aligned; @@ -86,16 +86,13 @@ void pserialize_destroy(pserialize_t psz) { - KASSERT(psz->psz_owner == NULL); kmem_free(psz, sizeof(*psz)); } /* * pserialize_perform: * - * Perform the write side of passive serialization. This operation - * MUST be serialized at a caller level (e.g. with a mutex or by a - * single-threaded use). + * Perform the write side of passive serialization. */ void pserialize_perform(pserialize_t psz) @@ -107,22 +104,17 @@ pserialize_perform(pserialize_t psz) if (__predict_false(panicstr != NULL)) { return; } - KASSERT(psz->psz_owner == NULL); if (__predict_false(mp_online == false)) { psz_ev_excl.ev_count++; return; } - psz->psz_owner = curlwp; - /* * Broadcast a NOP to all CPUs and wait until all of them complete. */ xc_barrier(XC_HIGHPRI); - KASSERT(psz->psz_owner == curlwp); - psz->psz_owner = NULL; mutex_enter(&psz_lock); psz_ev_excl.ev_count++; mutex_exit(&psz_lock); From 5f4163fb7353cf4ce331359f246acaac727791b6 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 10 Oct 2021 10:18:01 +0000 Subject: [PATCH 3/3] audio(9): Issue pserialize_perform outside sc_lock in audiodetach. Breaks another deadlock between sc_lock and high-priority xcalls at softint serial. With any luck, this should be the last such softint deadlock in audio! --- sys/dev/audio/audio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/audio/audio.c b/sys/dev/audio/audio.c index c13b07f272b6..1193aa2ade7a 100644 --- a/sys/dev/audio/audio.c +++ b/sys/dev/audio/audio.c @@ -1322,6 +1322,7 @@ audiodetach(device_t self, int flags) SLIST_FOREACH(file, &sc->sc_files, entry) { atomic_store_relaxed(&file->dying, true); } + mutex_exit(sc->sc_lock); /* * Wait for existing users to drain. @@ -1331,7 +1332,6 @@ audiodetach(device_t self, int flags) * be psref_released. */ pserialize_perform(sc->sc_psz); - mutex_exit(sc->sc_lock); psref_target_destroy(&sc->sc_psref, audio_psref_class); /*