#
316af091 |
| 18-Jul-2023 |
riastradh <riastradh@NetBSD.org> |
autoconf(9): Print `waiting for devices' normally once a minute.
|
#
17655d5d |
| 23-May-2023 |
riastradh <riastradh@NetBSD.org> |
autoconf(9): Omit config_detach kernel lock assertion too for now.
like in config_attach_pseudo, this assertion almost certainly indicates real bugs, but let's try to get the tests back and running again before addressing those.
|
#
d9261f69 |
| 23-May-2023 |
riastradh <riastradh@NetBSD.org> |
autoconf(9): Omit config_attach_pseudo kernel lock assertion for now.
Breaks too many things that I didn't test in the branch (cgd, fss, &c.); let's address all forty-odd cases before turning it on.
|
#
cfc732c2 |
| 22-May-2023 |
riastradh <riastradh@NetBSD.org> |
autoconf(9): New functions for referenced attach/detach.
New functions:
- config_found_acquire(dev, aux, print, cfargs)
- config_attach_acquire(parent, cf, aux, print, cfargs)
- config_attach_pseudo_acquire(cf, aux)
- config_detach_release(dev, flags)
- device_acquire(dev)
The config_*_acquire functions are like the non-acquire versions, but they return a referenced device_t, which is guaranteed to be safe to use until released. The device's detach function may run while it is referenced, but the device_t will not be freed and the parent's .ca_childdetached routine will not be called.
=> config_attach_pseudo_acquire additionally lets you pass an aux argument to the device's .ca_attach routine, unlike config_attach_pseudo which always passes NULL.
=> Eventually, config_found, config_attach, and config_attach_pseudo should be made to return void, because use of the device_t they return is unsafe without the kernel lock and difficult to use safely even with the kernel lock or in a UP system. For now, they require the caller to hold the kernel lock, while config_*_acquire do not.
config_detach_release is like device_release and then config_detach, but avoids the race inherent with that sequence.
=> Eventually, config_detach should be eliminated, because getting at the device_t it needs is unsafe without the kernel lock and difficult to use safely even with the kernel lock or in a UP system. For now, it requires the caller to hold the kernel lock, while config_detach_release does not.
device_acquire acquires a reference to a device. It never fails and can be used in thread context (but not interrupt context, hard or soft). Caller is responsible for ensuring that the device_t cannot be freed; in other words, the device_t must be made unavailable to any device_acquire callers before the .ca_detach function returns. Typically device_acquire will be used in a read section (mutex, rwlock, pserialize, &c.) in a data structure lookup, with corresponding logic in the .ca_detach function to remove the device from the data structure and wait for all read sections to complete.
Proposed on tech-kern: https://mail-index.netbsd.org/tech-kern/2023/05/10/msg028889.html
|
#
45504282 |
| 21-Apr-2023 |
riastradh <riastradh@NetBSD.org> |
autoconf(9): Add a comment where we risk arithmetic overflow.
|
#
eb01faa8 |
| 16-Apr-2023 |
riastradh <riastradh@NetBSD.org> |
autoconf(9): Assert alldevs_lock held in config_unit_nextfree.
The one caller, config_unit_alloc, guarantees it through config_alldevs_enter/exit.
|
#
b19049b1 |
| 16-Apr-2023 |
riastradh <riastradh@NetBSD.org> |
autoconf(9): Avoid potential ABA bug in config_makeroom.
When we unlock alldevs_lock to allocate a new cd_devs array nsp, other threads may have:
1. freed the old one (osp),
2. done some other memory allocation,
3. allocated a new _larger_ array whose address happens to coincide with osp (e.g., in (2) the page was recycled for a different pool cache), and
4. updated cd_devs back to osp but increased cd_ndevs.
In that case, the memory may be corrupted: we try to copy the wrong number of device_t pointers into nsp and we free osp with the wrong (stale) length.
Avoid this by checking whether cd_ndevs has changed too -- if not, osp might have been recycled but at least the lengths we're about to copy and free are still correct so there's no harm in an ABA situation.
XXX pullup-8 XXX pullup-9 XXX pullup-10
|
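The revalidation described in the b19049b1 message, as an added single-threaded model; it is not code from subr_autoconf.c. `struct cfdriver_model`, `interloper`, `makeroom_attempt` and the `check_len` switch are hypothetical names, and a static array stands in for the recycled allocation.

```c
#include <string.h>

/* Hypothetical stand-in for the two cfdriver fields named in the commit. */
struct cfdriver_model {
    void **cd_devs;   /* array of device pointers */
    int    cd_ndevs;  /* number of slots in cd_devs */
};

static void *slab[8];    /* one recycled allocation: models address reuse */
static void *fresh[16];  /* nsp: the larger array allocated while unlocked */

static struct cfdriver_model model_init(void)
{
    struct cfdriver_model cd = { slab, 4 };
    return cd;
}

/* Steps 1-4 of the commit message, collapsed: another thread replaces the
 * array with a larger one that lands on the same address as osp. */
static void interloper(struct cfdriver_model *cd)
{
    cd->cd_devs = slab;
    cd->cd_ndevs = 8;
}

/* One pass of the grow path. Returns the number of pointers copied out of
 * the snapshot, or -1 if the snapshot was rejected and the caller retries. */
static int makeroom_attempt(struct cfdriver_model *cd, int race, int check_len)
{
    void **osp = cd->cd_devs;          /* snapshot taken under the lock */
    int ondevs = cd->cd_ndevs;

    if (race)                          /* lock dropped to allocate nsp */
        interloper(cd);
    /* Lock retaken: revalidate the snapshot before trusting it. */
    if (cd->cd_devs != osp || (check_len && cd->cd_ndevs != ondevs))
        return -1;
    memcpy(fresh, osp, (size_t)ondevs * sizeof(*osp));
    cd->cd_devs = fresh;
    cd->cd_ndevs = 16;
    return ondevs;
}

int main(void)
{
    struct cfdriver_model cd = model_init();
    /* Exit 0 when the pointer-and-length check rejects the raced snapshot. */
    return makeroom_attempt(&cd, 1, 1) == -1 ? 0 : 1;
}
```

With `check_len` set to 0 the raced snapshot is accepted because the address matches, and only 4 of the 8 live entries are carried over.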
#
ac567aac |
| 22-Feb-2023 |
riastradh <riastradh@NetBSD.org> |
autoconf(9): Clarify assertions about iattr in config_search.
|
#
e280d0c0 |
| 13-Sep-2022 |
riastradh <riastradh@NetBSD.org> |
autoconf(9): New diagnostic to detect double-detach.
- Rename dv_detached -> dv_detach_committed.
- Add dv_detach_done, asserted false and then set in config_detach.
dv_detach_done may appear redundant with dv_del_gen, but dv_del_gen will be used to safely detect config_detach on two valid references to a device (e.g., a bus detaching its child concurrently with drvctl detaching the same child), while dv_detach_done is strictly a diagnostic to detect races in the config_detach API.
Currently the config_detach API itself is unsafe, but we can add a config_detach_release function that simultaneously releases and detaches a referenced device_t; this will continue to use dv_del_gen to safely avoid multiple detach, and dv_detach_done to check for races in usage.
|
#
fbfb761e |
| 13-Sep-2022 |
riastradh <riastradh@NetBSD.org> |
autoconf(9): Improve diagnostics for config_detach_enter/commit/exit.
|
#
964753ba |
| 24-Aug-2022 |
riastradh <riastradh@NetBSD.org> |
pmf(9): *_child_register never fails. Make it return void.
No kernel bump because this isn't documented or used in any modules, only in dev/pci/pci.c and dev/cardbus/cardbus.c which are as far as I know always statically linked into the kernel.
The next change, however, will require a revbump -- to make pmf_device_register return void so we can prune vast swaths of dead error branches.
|
#
76add943 |
| 24-Aug-2022 |
riastradh <riastradh@NetBSD.org> |
kern: device_pmf_driver_register never fails, so make it return void.
No ABI bump despite change to device.h because this is used only inside autoconf.
|
#
73d31cd9 |
| 12-Aug-2022 |
riastradh <riastradh@NetBSD.org> |
autoconf(9): Provide diagnostics for config_detach_* misuse.
|
#
ca691b8e |
| 28-Mar-2022 |
riastradh <riastradh@NetBSD.org> |
sys: Split struct device into a private device_impl.h.
Include this only inside autoconf itself, and a few files that abuse autoconf in ways I can't confidently make easy fixes for.
XXX kernel ABI change requires bump -- no more use of struct device internals allowed, previously done by some drivers
|
#
1fa5983f |
| 28-Mar-2022 |
riastradh <riastradh@NetBSD.org> |
autoconf(9): Disentangle slightly circuitous config_detach logic.
No functional change intended.
|
#
2a54bc03 |
| 28-Mar-2022 |
riastradh <riastradh@NetBSD.org> |
autoconf(9): New function config_detach_commit.
When a driver's .ca_detach function has committed to detaching -- it definitely won't back out with EBUSY, for instance -- it can call this to wake all pending calls to device_lookup_acquire and make them fail immediately.
This is necessary to break a deadlock if the device_lookup_acquire calls happen inside I/O operations which the driver's .ca_detach function waits for the completion of -- without config_detach_commit, I/O operations would be stuck in device_lookup_acquire waiting for .ca_detach and .ca_detach would be stuck waiting for I/O operations to return.
Most drivers won't need to call this: for autoconf drivers used the traditional way by devsw for userland device nodes, the .ca_detach routine uses vdevgone, and we will arrange to make vdevgone call config_detach_commit automagically in such drivers anyway.
XXX kernel ABI change to struct device requires bump -- later change will make struct device opaque to ABI, but we're not there yet
|
#
abbfe73c |
| 28-Mar-2022 |
riastradh <riastradh@NetBSD.org> |
autoconf(9): New localcount-based device instance references.
device_lookup_acquire looks up an autoconf device instance, if found, and acquires a reference the caller must release with device_release. If attach or detach is still in progress, device_lookup_acquire waits until it completes. While references are held, the device's softc will not be freed or reused until the last reference is released.
The reference is meant to be held while opening a device in the short term, and then to be passed off to a longer-term reference that can be broken explicitly by detach -- usually a device special vnode, which is broken by vdevgone in the driver's *_detach function.
Sleeping while holding a reference is allowed, e.g. waiting to open a tty. A driver must arrange that its *_detach function will interrupt any threads sleeping while holding references and cause them to back out so that detach can complete promptly.
Subsequent changes to subr_devsw.c will make bdev_open and cdev_open automatically take a reference to an autoconf instance for drivers that opt into this, so there will be no logic changes needed in most drivers other than to connect the autoconf cfdriver to the bdevsw/cdevsw I/O operation tables. The effect will be that *_detach may run while d_open is in progress, but no new d_open can begin until *_detach has backed out from or committed to detaching.
XXX kernel ABI change to struct device requires bump -- later change will make struct device opaque to ABI, but we're not there yet
|
#
fabe8c5b |
| 21-Mar-2022 |
riastradh <riastradh@NetBSD.org> |
autoconf(9): Enter more timing samples into entropy pool.
Previously, we sampled the time of each _failed_ config_search. I'm not sure why -- there was no explanation in the comment or the commit message introducing this in rev. 1.230.2.1 on tls-earlyentropy.
With this change, we sample the time of _every_ search including the successful ones -- and also measure the time to attach which often includes things like probing device registers, triggering device reset and waiting for it to post, &c.
|
#
d26fcc45 |
| 12-Mar-2022 |
riastradh <riastradh@NetBSD.org> |
autoconf(9): Refuse to consider negative unit numbers in cfdata.
Reported-by: syzbot+a63ae6c58df86f40b6f3@syzkaller.appspotmail.com
|
#
9ae701ce |
| 06-Feb-2022 |
tnn <tnn@NetBSD.org> |
move attribute before function declarator
|
#
fbffc61f |
| 06-Feb-2022 |
martin <martin@NetBSD.org> |
Revert previous, mark cfdriver_iattr_count as __diagused instead.
|
#
dec87e56 |
| 05-Feb-2022 |
martin <martin@NetBSD.org> |
cfdriver_iattr_count() is only used in a KASSERT, so #ifdef DIAGNOSTIC it.
|
#
f72c9527 |
| 29-Jan-2022 |
riastradh <riastradh@NetBSD.org> |
pmf(9): Conditionalize pmflock_debug output on PMFLOCK_DEBUG.
This is really only helpful for debugging the software logic to handle the trees of devices for suspend/resume, not for debugging the drivers, which is most of what we need to do. If anyone still finds this useful they can make a sysctl knob for it or something, but for now this substantially reduces the amount of debug output that's getting in my way.
|
#
286d90c8 |
| 31-Dec-2021 |
riastradh <riastradh@NetBSD.org> |
libkern: Make KASSERT verify expression is valid if !DIAGNOSTIC.
This way it is no longer necessary to mark variables __diagused if they are used in KASSERT conditions.
Fix fallout from this by removing now-unnecessary and `#ifdef DIAGNOSTIC'.
Don't do the same for KDASSERT if !DEBUG -- unlike KASSERT and DIAGNOSTIC, variables needed by KDASSERT and DEBUG are likely to be expensive to compute (and potentially difficult for a compiler to prove flushable), so we don't want to require them under !DEBUG.
|
#
3b559736 |
| 11-Oct-2021 |
jmcneill <jmcneill@NetBSD.org> |
Squash "holding up boot" messages into a single line, and only print the device list if no progress has been made in 1 second.
|