On 07/30/09 15:39, Pawel Jakub Dawidek wrote:
> On Thu, Jul 30, 2009 at 11:31:41PM +0200, Pawel Jakub Dawidek wrote:
>> On Thu, Jul 30, 2009 at 11:25:19PM +0200, Pawel Jakub Dawidek wrote:
>>> Hello.
>>>
>>> In the traverse_impl() function we can find this call:
>>>
>>>     if (!(flags & TRAVERSE_PREFETCH) ||
>>>         0 == taskq_dispatch(system_taskq, traverse_prefetch_thread,
>>>         &td, TQ_NOQUEUE))
>>>             pd.pd_exited = B_TRUE;
>>>
>>> Which should call the traverse_prefetch_thread() function with td
>>> argument from a separate thread. This doesn't look safe, as td is
>>> allocated on the stack at the beginning of traverse_impl() and won't be
>>> accessible from taskq thread.
>>>
>>> Is my understanding correct?
>> Actually it should be fine, unless kernel thread stacks are swappable in
>> Solaris.
>
> Ok, I'm sending mails too fast. If traverse_impl() will return before
> task is complete, td can be overwritten by entering another function.
> So it cannot return before task is completed or there is a bug?

It looks safe to me: traverse_impl() waits on pd_exited() under protection of pd_mtx before exiting. Meanwhile traverse_prefetch_thread() will set pd_exited under pd_mtx and broadcast before exiting.
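
The handshake described in this reply, as an added user-space sketch with POSIX threads (not the ZFS code and not written by anyone in the thread). The struct and function names are hypothetical stand-ins, and pthread_create() stands in for taskq_dispatch().

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-ins for the pd/td state discussed in the thread. */
struct prefetch_data {
    pthread_mutex_t mtx;
    pthread_cond_t cv;
    bool exited;    /* set by the worker just before it returns */
    int visited;    /* work done by the worker */
};
struct traverse_data { struct prefetch_data *pd; int nblocks; };

static void *prefetch_worker(void *arg)
{
    struct traverse_data *td = arg;     /* points into the caller's stack frame */
    for (int i = 0; i < td->nblocks; i++)
        td->pd->visited++;
    pthread_mutex_lock(&td->pd->mtx);
    td->pd->exited = true;              /* worker's last write to caller memory */
    pthread_cond_broadcast(&td->pd->cv);
    pthread_mutex_unlock(&td->pd->mtx);
    return NULL;
}

/* Returns the count produced by the worker, or 0 when no worker was started. */
int traverse(int nblocks, bool prefetch)
{
    struct prefetch_data pd = { .exited = false, .visited = 0 };
    struct traverse_data td = { .pd = &pd, .nblocks = nblocks };
    pthread_t tid;

    pthread_mutex_init(&pd.mtx, NULL);
    pthread_cond_init(&pd.cv, NULL);
    /* Same shape as the quoted call: no worker means "already exited". */
    if (!prefetch || pthread_create(&tid, NULL, prefetch_worker, &td) != 0)
        pd.exited = true;
    else
        pthread_detach(tid);
    pthread_mutex_lock(&pd.mtx);
    while (!pd.exited)                  /* td and pd stay live until this ends */
        pthread_cond_wait(&pd.cv, &pd.mtx);
    pthread_mutex_unlock(&pd.mtx);
    pthread_mutex_destroy(&pd.mtx);
    pthread_cond_destroy(&pd.cv);
    return pd.visited;
}

int main(void) { printf("%d %d\n", traverse(1000, true), traverse(1000, false)); return 0; }
```

Removing the wait loop from traverse() reproduces the hazard raised in the question: the frame holding td and pd would be reused while the worker still dereferences it.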