VOID
NTAPI
CmpDereferenceKeyControlBlockWithLock(IN PCM_KEY_CONTROL_BLOCK Kcb,
IN BOOLEAN LockHeldExclusively)
{
CMTRACE(CM_REFERENCE_DEBUG,
"%s - Dereferencing KCB: %p\n", __FUNCTION__, Kcb);
/* Sanity check */
ASSERT_KCB_VALID(Kcb);
/* Check if this is the last reference */
if ((InterlockedDecrement((PLONG)&Kcb->RefCount) & 0xFFFF) == 0)
{
/* Sanity check */
ASSERT((CmpIsKcbLockedExclusive(Kcb) == TRUE) ||
(CmpTestRegistryLockExclusive() == TRUE));
/* Check if we should do a direct delete */
if (((CmpHoldLazyFlush) &&
!(Kcb->ExtFlags & CM_KCB_SYM_LINK_FOUND) &&
!(Kcb->Flags & KEY_SYM_LINK)) ||
(Kcb->ExtFlags & CM_KCB_NO_DELAY_CLOSE) ||
(Kcb->Delete))
{
/* Clean up the KCB*/
CmpCleanUpKcbCacheWithLock(Kcb, LockHeldExclusively);
}
else
{
/* Otherwise, use delayed close */
CmpAddToDelayedClose(Kcb, LockHeldExclusively);
}
}
}
VOID
NTAPI
CmpDereferenceKeyControlBlock(IN PCM_KEY_CONTROL_BLOCK Kcb)
{
LONG OldRefCount, NewRefCount;
ULONG ConvKey;
CMTRACE(CM_REFERENCE_DEBUG,
"%s - Dereferencing KCB: %p\n", __FUNCTION__, Kcb);
/* Get the ref count and update it */
OldRefCount = *(PLONG)&Kcb->RefCount;
NewRefCount = OldRefCount - 1;
/* Check if we still have references */
if ((NewRefCount & 0xFFFF) > 0)
{
/* Do the dereference */
if (InterlockedCompareExchange((PLONG)&Kcb->RefCount,
NewRefCount,
OldRefCount) == OldRefCount)
{
/* We'de done */
return;
}
}
/* Save the key */
ConvKey = Kcb->ConvKey;
/* Do the dereference inside the lock */
CmpAcquireKcbLockExclusive(Kcb);
CmpDereferenceKeyControlBlockWithLock(Kcb, FALSE);
CmpReleaseKcbLockByKey(ConvKey);
}
BOOLEAN
NTAPI
CmpReferenceKeyControlBlock(IN PCM_KEY_CONTROL_BLOCK Kcb)
{
CMTRACE(CM_REFERENCE_DEBUG,
"%s - Referencing KCB: %p\n", __FUNCTION__, Kcb);
/* Check if this is the KCB's first reference */
if (Kcb->RefCount == 0)
{
/* Check if the KCB is locked in shared mode */
if (!CmpIsKcbLockedExclusive(Kcb))
{
/* Convert it to exclusive */
if (!CmpTryToConvertKcbSharedToExclusive(Kcb))
{
/* Set the delayed close index so that we can be ignored */
Kcb->DelayedCloseIndex = 1;
/* Increase the reference count while we release the lock */
InterlockedIncrement((PLONG)&Kcb->RefCount);
/* Go from shared to exclusive */
CmpConvertKcbSharedToExclusive(Kcb);
/* Decrement the reference count; the lock is now held again */
InterlockedDecrement((PLONG)&Kcb->RefCount);
/* Check if we still control the index */
if (Kcb->DelayedCloseIndex == 1)
{
/* Reset it */
Kcb->DelayedCloseIndex = 0;
}
else
{
/* Sanity check */
ASSERT((Kcb->DelayedCloseIndex == CmpDelayedCloseSize) ||
(Kcb->DelayedCloseIndex == 0));
}
}
}
}
/* Increase the reference count */
if ((InterlockedIncrement((PLONG)&Kcb->RefCount) & 0xFFFF) == 0)
{
/* We've overflown to 64K references, bail out */
InterlockedDecrement((PLONG)&Kcb->RefCount);
return FALSE;
}
/* Check if this was the last close index */
if (!Kcb->DelayedCloseIndex)
{
/* Check if the KCB is locked in shared mode */
if (!CmpIsKcbLockedExclusive(Kcb))
{
/* Convert it to exclusive */
if (!CmpTryToConvertKcbSharedToExclusive(Kcb))
{
/* Go from shared to exclusive */
CmpConvertKcbSharedToExclusive(Kcb);
}
}
/* If we're still the last entry, remove us */
if (!Kcb->DelayedCloseIndex) CmpRemoveFromDelayedClose(Kcb);
}
/* Return success */
return TRUE;
}
/// <summary>
/// The method that is called when a thread proxy starts executing a particular context. The thread proxy which executes
/// the context is set in SetProxy before entering the dispatch loop and must be saved and returned on a call to the GetProxy method.
/// </summary>
/// <param name="pDispatchState">
/// The state under which this IExecutionContext is being dispatched.
/// </param>
void UMSSchedulingContext::Dispatch(DispatchState * pDispatchState)
{
const int PASS_COUNT_BEFORE_SLEEP_NORMAL = 1;
const int PASS_COUNT_BEFORE_SLEEP_ORIGINALLY_ACTIVATED = 5;
CONCRT_COREASSERT(m_pThreadProxy != NULL);
SetAsCurrentTls();
#if defined(_DEBUG)
DWORD fromBits = 0;
#endif // _DEBUG
for(;;)
{
int pass = 0;
UMSThreadInternalContext *pPreviousContext = static_cast<UMSThreadInternalContext *> (m_pBoundVProc->GetExecutingContext());
ScheduleGroupSegmentBase *pSegment = (pPreviousContext == NULL ? m_pBoundVProc->m_pStartingSegment : pPreviousContext->m_pSegment);
// **************************************************
// READ THIS:
//
// Yet another incredibly subtle point about where we get suspended.. There are times in the scheduling context's
// dispatch loop where we can't find work (the critical context is blocked, etc...) and we want to run through a
// Deactivate pass in order to put the vproc to sleep much as we do with an ordinary search for work in the dispatch loop. The unfortunate thing
// is that there's another context which thinks it this is its exclusive purview. We aren't going to try to maintain a complex state machine to
// be able to restore his expected state, so we spin if that's the case.
//
// Ordinarily, you might think that we can simply check m_pBoundVProc->IsAvailable, however, there might be a race on that such as what follows:
//
// - Context 1 on vproc A makes the vproc available and then blocks
// - Context 2 on vproc B claims exclusive ownership of the virtual processor (it suspends, takes a while, take your pick)
// - We get in here and see the virtual processor as not available so we think we're safe to make it available
// - We make the context available
// - Context 3 on vproc C claims exclusive ownership of the virtual processor (now 2 contexts think they have exclusive ownership)
//
// There are other potential races as well. What we really need to know is if there IS a context in the dispatch loop that has made the virtual
// processor available. It doesn't necessarily need to be pPreviousContext because the original context might have critically blocked in that region
// and we might be running someone else. Hence the rule -- you **MUST** stay in a critical region between the call to MakeAvailable and the call to Deactivate
// without exception. No other MakeAvailable is permitted. Once we know what the critical context is, we can check it to see if IT thinks IT has flagged
// the virtual processor. That check must come **BEFORE** the call to MakeAvailable and must be fenced by the time m_fAvailable is set to true.
// **************************************************
bool fOriginallyAvailable = false;
bool fMadeAvailable = false;
int passes = fOriginallyAvailable ? PASS_COUNT_BEFORE_SLEEP_ORIGINALLY_ACTIVATED : PASS_COUNT_BEFORE_SLEEP_NORMAL;
UMSThreadInternalContext::BlockingType blockingType = UMSThreadInternalContext::BlockingNormal;
CriticalRegionType type = OutsideCriticalRegion;
//
// If someone explicitly switched back to the primary, don't do the UMS blocked bit. Instead, just conduct the search from
// the primary for runnables or invoke the reserved context as appropriate. This is accomplished by the fact that affinitize would clear
// the executing proxy.
//
if (pPreviousContext != NULL)
{
VCMTRACE(MTRACE_EVT_UMSBLOCKED, pPreviousContext, m_pBoundVProc, NULL);
CONCRT_COREASSERT(pPreviousContext->UNSAFE_CurrentVirtualProcessor() == m_pBoundVProc);
CONCRT_COREASSERT(!pPreviousContext->IsBlocked());
CONCRT_COREASSERT(pPreviousContext->m_pThreadProxy != NULL);
#if defined(_DEBUG)
//
// If the context UMS blocks while it's holding a UMS blocked context prior to the switch, we can deadlock in a variety of ways.
// Assert this instead of relying on stress to ferret this out.
//
CONCRT_COREASSERT((pPreviousContext->GetDebugBits() & CTX_DEBUGBIT_HOLDINGUMSBLOCKEDCONTEXT) == 0);
#endif // _DEBUG
type = pPreviousContext->GetCriticalRegionType();
}
CONCRT_COREASSERT(type != InsideHyperCriticalRegion);
if (m_pBoundVProc->m_pCriticalContext != NULL)
{
//
// Only 1 context can be inside the critical region at a time
//
CONCRT_COREASSERT(pPreviousContext->GetCriticalRegionType() == OutsideCriticalRegion);
}
else if (type != OutsideCriticalRegion)
{
//
// A thread/context inside a critical region blocked
//
CONCRT_COREASSERT(m_pBoundVProc->m_pCriticalContext == NULL);
VCMTRACE(MTRACE_EVT_CRITICALBLOCK, pPreviousContext, m_pBoundVProc, NULL);
m_pBoundVProc->m_pCriticalContext = pPreviousContext;
blockingType = UMSThreadInternalContext::BlockingCritical;
}
bool fCritical = (m_pBoundVProc->m_pCriticalContext != NULL);
//
// Any context which made a virtual processor available darn well better be in a critical region until they claim it again.
//
UMSThreadInternalContext *pCriticalContext = m_pBoundVProc->m_pCriticalContext;
CONCRT_COREASSERT(!fOriginallyAvailable || pCriticalContext != NULL);
if (pCriticalContext != NULL && pCriticalContext->m_fIsVisibleVirtualProcessor)
{
fOriginallyAvailable = true;
}
//
// pSegment might be NULL because we've looped around, because someone blocked during a context recycling
// after we've already NULL'd the group out. In any of these cases, we go to the anonymous schedule group to start the search.
//
if (pSegment == NULL)
{
pSegment = m_pBoundVProc->GetOwningRing()->GetAnonymousScheduleGroupSegment();
}
if (pPreviousContext != NULL)
{
pPreviousContext->SetBlockingType(blockingType);
}
//
// The push context comes first (it is what the vproc was started with). We do *NOT* push to idle vprocs -- only to inactive ones.
//
InternalContextBase *pContext = m_pBoundVProc->m_pPushContext;
m_pBoundVProc->m_pPushContext = NULL;
while (pContext == NULL)
{
if (m_pBoundVProc->m_pCriticalContext != NULL)
{
//
// Sweep the completion list if we are waiting for a critical context.
// Otherwise the search for runnable would do the sweep.
//
m_pScheduler->MoveCompletionListToRunnables();
//
// The critical context is **ALWAYS** first priority -- no matter what! Since we are the only thread that picks up critical contexts
// due to SFW happening in a critical region, there's no CAS. We simply can clear the flag when appropriate.
//
if (m_pBoundVProc->m_fCriticalIsReady)
{
pContext = m_pBoundVProc->m_pCriticalContext;
m_pBoundVProc->m_fCriticalIsReady = FALSE;
m_pBoundVProc->m_pCriticalContext = NULL;
#if defined(_DEBUG)
fromBits = CTX_DEBUGBIT_PRIMARYAFFINITIZEFROMCRITICAL;
#endif // _DEBUG
CONCRT_COREASSERT(pContext != NULL);
}
}
else
{
CONCRT_COREASSERT(!m_pBoundVProc->m_fCriticalIsReady);
}
//
// Next priority is searching for contexts to run.
//
if (pContext == NULL)
{
//
// We need to do a full search for runnables. This means all scheduling rings, nodes, LRCs, etc... The reason for this is subtle. Normally,
// if we can't quickly find something to run, we switch to the reserved context which is a real search context and everyone is happy (we keep the virtual
// processor active). The only time we'll put the virtual processor to sleep HERE is when there's a critical context blocked or there are no reserved
// contexts.
// You might think we're okay to do that because the wakings there explicitly notify us. Unfortunately, those special contexts might be blocked
// on a lock held by an ARBITRARY context. That ARBITRARY context might have been moved to a runnables list in a different scheduling ring/node by
// the MoveCompletionListToRunnables above. Therefore, we must do a FULL search for runnables here across all rings.
//
WorkItem work;
if (m_pBoundVProc->SearchForWork(&work, pSegment, false, WorkItem::WorkItemTypeContext))
{
pContext = work.GetContext();
#if defined(_DEBUG)
CMTRACE(MTRACE_EVT_SFW_FOUNDBY, pContext, m_pBoundVProc, NULL);
fromBits = CTX_DEBUGBIT_PRIMARYAFFINITIZEFROMSEARCH;
#endif // _DEBUG
}
}
//
// If we could not find anyone to run by this point, we're stuck having to create a new SFW context. This should only happen
// if we're **NOT** critically blocked.
//
if (!fCritical && pContext == NULL)
{
pContext = m_pScheduler->GetReservedContext();
if (pContext == NULL)
m_pScheduler->DeferredGetInternalContext();
else
pContext->PrepareForUse(m_pScheduler->GetAnonymousScheduleGroupSegment(), NULL, false);
#if defined(_DEBUG)
fromBits = CTX_DEBUGBIT_PRIMARYRESERVEDCONTEXT;
#endif // _DEBUG
}
if (pPreviousContext != NULL)
{
//
// After one time through the search loop from the source, let go of the previous context. This means we can no longer originate
// a search from the source group. We cannot place a reference here because removing it might entail a deletion from the ListArray
// which cannot happen on the primary. Just search outward from the anonymous schedule group if we cannot find anything the first time
// through
//
if (pContext == NULL)
{
pSegment = m_pBoundVProc->GetOwningRing()->GetAnonymousScheduleGroupSegment();
}
SetUMSBlocked(pPreviousContext, pDispatchState->m_fIsPreviousContextAsynchronouslyBlocked);
pPreviousContext = NULL;
}
if (pContext == NULL)
{
//
// Make a series of passes through the "special SFW" above and then put the virtual processor to sleep.
//
pass++;
if (pass == passes)
{
//
// Make the virtual processor available and perform a flush. We need to make one more loop to "search for work"
// as it's entirely possible we raced with a wake notification on the critical context or reserved context list event.
//
// It's also entirely possible that a context in its last SFW loop after making the virtual processor available UMS triggered and got us
// back here. In that case, we need to remember this because special handling is required. Instead of having a horribly complex state
// machine to manage this particular race, we simply don't Deactivate here and instead, we poll. Much safer.
//
if (!fOriginallyAvailable)
{
fMadeAvailable = true;
m_pBoundVProc->MakeAvailableFromSchedulingContext();
}
//
// Currently safe because this is simply a flush that doesn't restore any state or wait on any events.
//
m_pBoundVProc->EnsureAllTasksVisible(this);
}
else if (pass > passes)
{
//
// Because we're not running on a context, we cannot participate in finalization and yet we are putting this virtual processor
// to sleep. In order to do that safely, we must have a guarantee that something will wake *US* up. That basically means that
// we have a special context blocked -- either a critically blocked context or waiting on reserved context event.
//
// Put the virtual processor to sleep for real. If we wake up for *ANY* reason (doesn't matter if it's the completion notification
// or not), loop back up and perform another SFW.
//
if (!fOriginallyAvailable)
{
if (!m_pBoundVProc->Deactivate(this))
{
//
// This indicates that something came back on the completion list. We really do want to do a FULL SFW here. We need to claim
// ownership of the VProc.
//
ClaimBoundProcessorAndSwallowActivation();
}
CONCRT_COREASSERT(!m_pBoundVProc->IsAvailable());
fMadeAvailable = false;
}
else
{
//
// In order to avoid horrible race conditions with the context which made this virtual processor available, we simply sleep, loop back
// up and check again.
//
// MINIMIZE blocking between MakeAvailable and Deactivate within the dispatch loop. This path has a big performance penalty.
// Also -- NEVER release the critical region between those paths (see above).
//
Sleep(100);
}
pass = 0;
}
}
}
//
// If we made the virtual processor available, we need to make it not so right now -- we're going to execute a context.
//
if (fMadeAvailable)
{
ClaimBoundProcessorAndSwallowActivation();
}
CONCRT_COREASSERT(!m_pBoundVProc->IsAvailable());
m_pBoundVProc->Affinitize(pContext);
#if defined(_DEBUG)
pContext->SetDebugBits(fromBits);
#endif // _DEBUG
m_pThreadProxy->SwitchTo(pContext, Blocking);
//
// If we get here, it indicates that the SwitchTo failed as a result of the underlying thread blocking asynchronously (e.g.: it was suspended or
// had a kernel APC running atop it when we tried to SwitchTo it). In this case, just go back up and pick another runnable. There's one absolutely
// critical thing here. We affinitized the vproc to pContext. It isn't executing pContext and never was. The execute failed because of a thread
// suspension, kernel APC, etc... After looping back, we *CANNOT* rely on vproc relative fields. We simply pick another context on the basis of
// information we already know and switch.
//
// On success, SwitchTo will snap out our stack (such is the way of the world on the UMS primary).
//
#if defined(_DEBUG)
pContext->SetDebugBits(CTX_DEBUGBIT_PRIMARYSWITCHTOFAILED);
#endif // _DEBUG
}
return;
}
