Re: Sleeping on isp_mboxwaiting with the followingnon-sleepablelocks held:

2003-10-23 Thread Matthew Jacob 

So you're theory here is that that all code that may be necessary to
start I/O but could take a while should be done out of band. That's a
reasonable response. The only problem is that you sometimes cannot
easily tell if things like timeout driven recovery/restart can be used.

The basic difference here I would guess might be that if I needed to do,
say, FC loop bringup or chip reprogramming after a reset in the isp
driver, I should try and do it off of the worker thread so I neither
slept nor polled from isp_start and always returned right away. I'll
start thinking about that.

-matt


On Thu, 23 Oct 2003, Poul-Henning Kamp wrote:

 In message [EMAIL PROTECTED], Matthew Jacob writes:

 [1]: by 'sleep', I mean if I do *my* locking right, I should be able to
 yield the processor and wait for an event (an interrupt in this case).

 Not so when your device driver is entered through the devsw-strategy()
 function, since that [cw]ould deadlock the entire disk-I/O system until
 you return back up.

 Ideally, devsw-strategy() should just queue the request and return
 immediately.  In a world where context switches were free, scheduling
 a task_queue to run foostart() (if necessary) would be the way to
 do things.

 Most drivers call their own foostart() from strategy(), and as long
 as foostart() does not go on long-term vacation, this is also OK,
 poking a few registers, doing a bit of BUSDMA work is acceptable.

 But sleeping is not OK, mostly because a lot of sleeps may not
 properly terminate in case of a memory shortage, and the way we
 clear up a memory shortage is to page something out, and to page
 something out we need to issue disk I/O, but somebody is holding
 that hostage by sleeping in a driver...

 I will conceede that there are a certain small class of legitimate
 sleeps that could be performed, unfortunately we can not automatically
 tell an OK sleep from a not OK sleep, and therefore the decision
 was to ban all sleeps, until such time as we had a case of something
 that could not be (sensibly) done without the ability to sleep.

 I realize that in this case, you're sitting below CAM and scsi_??.c
 and have very little say in what happens between devsw-strategy()
 and your driver.

 As I read the original report, this is a case of error-handling.
 Considering how long time error handling often takes and how
 imperfect results one gets a lot of the time, error handling
 should never strategy() sleep or take a long time, since that
 will eliminates the chances that the system can flush dirty data
 to other devices as part of a shutdown or panic.

 At some point soon, I plan to start measuring how much time
 drivers spend in their strategy() routine and any offenders
 will be put on notice because this is a brilliant way to hose
 our overall system performance.  I'm not going to set any
 specific performance goal at this time, but I think we can
 agree that more than one millisecond is way over the line.

 --
 Poul-Henning Kamp   | UNIX since Zilog Zeus 3.20
 [EMAIL PROTECTED] | TCP/IP since RFC 956
 FreeBSD committer   | BSD since 4.3-tahoe
 Never attribute to malice what can adequately be explained by incompetence.

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Sleeping on isp_mboxwaiting with the followingnon-sleepablelocks held:

2003-10-22 Thread Matthew Jacob 


It isn't the cannot sleep from geometry calls that is twitting me a
bit, it's the I cannot tell at my call depth in the stack whether some
dork above can't tolerate a sleep[1]. If I've missed some usage point
with the SMP stuff that I *can* tell this with ease, enlighten me.

-matt


[1]: by 'sleep', I mean if I do *my* locking right, I should be able to
yield the processor and wait for an event (an interrupt in this case). A
yield might not actually do anything but call idle- if that's what is
appropriate. There are several things meant by cannot sleep- one is
deadlock avoidance and the other is thread of execution ordering. A
blanket cannot sleep sometimes can mean just plain poor design. I
don't really mean to be inflammatory here but I kinda *am* raising my
eyebrows here with a polite query of are you sure you really want to do
this this way?.

I mean, this particular instance isn't a big deal. Instead of waiting
for a mailbox event to clear I'll poll it, doing nothing useful
otherwise. It's a rare event, but it makes the system sluggish. There
are alternative designs that I could take at this level that would do
neither, but add greatly to code complexity at this level. No big deal,
but still...




On Wed, 22 Oct 2003, Poul-Henning Kamp wrote:

 In message [EMAIL PROTECTED], Matthew Jacob writes:

 Well, I don't agree with the design here, but it is what it is. I'll
 make the change that you've added a requirement for.

 This is nothing new, but it is new that we can and do enforce it.

 --
 Poul-Henning Kamp   | UNIX since Zilog Zeus 3.20
 [EMAIL PROTECTED] | TCP/IP since RFC 956
 FreeBSD committer   | BSD since 4.3-tahoe
 Never attribute to malice what can adequately be explained by incompetence.

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to [EMAIL PROTECTED]