gitweb.dragonflybsd.org Git - freebsd.git/commit

author	truckman <truckman@FreeBSD.org>
	Fri, 8 Jul 2016 02:52:39 +0000 (02:52 +0000)
committer	truckman <truckman@FreeBSD.org>
	Fri, 8 Jul 2016 02:52:39 +0000 (02:52 +0000)
commit	d2c3585acea931bc4345759421537448a8a0ccd0
tree	025656ac452dd9ecdab3028919d6fe43e3b5ef9d	tree \| snapshot
parent	4cd5553df9068f8cda61b9786a2a1950e2bf550d	commit \| diff

MFC r302338

Fix a race condition between the main thread in aqm_pie_cleanup() and the
callout thread that can cause a kernel panic.  Always do the final cleanup
in the callout thread by passing a separate callout function for that task
to callout_reset_sbt().

Protect the ref_count decrement in the callout with DN_BH_WLOCK().  All
other ref_count manipulation is protected with this lock.

There is still a tiny window between ref_count reaching zero and the end
of the callout function where it is unsafe to unload the module.  Fixing
this would require the use of callout_drain(), but this can't be done
because dummynet holds a mutex and callout_drain() might sleep.

Remove the callout_pending(), callout_active(), and callout_deactivate()
calls from calculate_drop_prob().  They are not needed because this callout
uses callout_init_mtx().

Submitted by: Rasool Al-Saadi <ralsaadi@swin.edu.au>
Differential Revision: https://reviews.freebsd.org/D6928