From owner-freebsd-current@FreeBSD.ORG Sat Oct 11 23:02:17 2003
Message-Id: <200310120602.h9C626N1068466@gw.catspoiler.org>
Date: Sat, 11 Oct 2003 23:02:06 -0700 (PDT)
From: Don Lewis
To: sgk@troutmask.apl.washington.edu
In-Reply-To: <20031012030646.GA36009@troutmask.apl.washington.edu>
cc: freebsd-current@FreeBSD.org
Subject: Re: panic: pmap_zero_page: CMAP3 busy

On 11 Oct, Steve Kargl wrote:
> Upgrade tonight (7pm PST) and received the following
> on rebooting
>
> panic: pmap_zero_page: CMAP3 busy
>
> Unfortunately, this system does not have a serial
> console and the panic locked it up tight. Only
> a hard reset brought the system back.

I was just about to type "make installworld" when I got this message. I checked the commit logs and didn't see any recent commits that looked suspicious, and since I do have a serial console I decided to throw caution to the wind and give the new kernel a try.
Other than an annoyingly long pause while GEOM waits for my SCSI cdrom drive to figure out that it is empty (which has been noted in another thread), my system booted without any problems. My kernel has everything committed to the present time except:

tjr         2003/10/11 21:25:26 PDT

  FreeBSD src repository

  Modified files:
    sys/i386/ibcs2       ibcs2_misc.c ibcs2_signal.c ibcs2_socksys.c
                         ibcs2_util.c ibcs2_util.h imgact_coff.c
  Log:
  Fix a multitude of security bugs in the iBCS2 emulator:
  - Return NULL instead of returning memory outside of the stackgap
    in stackgap_alloc() (FreeBSD-SA-00:42.linux)
  - Check for stackgap_alloc() returning NULL in ibcs2_emul_find(); other
    calls to stackgap_alloc() have not been changed since they are small
    fixed-size allocations.
  - Replace use of strcpy() with strlcpy() in exec_coff_imgact()
    to avoid buffer overflow
  - Use strlcat() instead of strcat() to avoid a one byte buffer
    overflow in ibcs2_setipdomainname()
  - Use copyinstr() instead of copyin() in ibcs2_setipdomainname()
    to ensure that the string is null-terminated
  - Avoid integer overflow in ibcs2_setgroups() and ibcs2_setgroups()
    by checking that gidsetsize argument is non-negative and
    no larger than NGROUPS_MAX.
  - Range-check signal numbers in ibcs2_wait(), ibcs2_sigaction(),
    ibcs2_sigsys() and ibcs2_kill() to avoid accessing array past
    the end (or before the start)

  Revision  Changes    Path
  1.52      +21 -3     src/sys/i386/ibcs2/ibcs2_misc.c
  1.32      +7 -2      src/sys/i386/ibcs2/ibcs2_signal.c
  1.19      +5 -3      src/sys/i386/ibcs2/ibcs2_socksys.c
  1.17      +4 -2      src/sys/i386/ibcs2/ibcs2_util.c
  1.17      +4 -1      src/sys/i386/ibcs2/ibcs2_util.h
  1.61      +1 -1      src/sys/i386/ibcs2/imgact_coff.c

Maybe this problem only affects certain hardware. Here is my dmesg.boot for comparison:

Copyright (c) 1992-2003 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    The Regents of the University of California. All rights reserved.
FreeBSD 5.1-CURRENT #28: Sat Oct 11 21:58:42 PDT 2003
    dl@scratch.catspoiler.org:/usr/obj/usr/src/sys/GENERICSMB
Preloaded elf kernel "/boot/kernel/kernel" at 0xc0a8f000.
Preloaded elf module "/boot/kernel/aout.ko" at 0xc0a8f244.
Preloaded elf module "/boot/kernel/acpi.ko" at 0xc0a8f2f0.
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: AMD Athlon(tm) XP 1900+ (1608.23-MHz 686-class CPU)
  Origin = "AuthenticAMD" Id = 0x662 Stepping = 2
  Features=0x383fbff
  AMD Features=0xc0480000
real memory = 1073676288 (1023 MB)
avail memory = 1033592832 (985 MB)
Pentium Pro MTRR support enabled
npx0: [FAST]
npx0: on motherboard
npx0: INT 16 interface
acpi0: on motherboard
pcibios: BIOS version 2.10
Using $PIR table, 11 entries at 0xc00fdc30
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0
acpi_cpu0: on acpi0
acpi_button0: on acpi0
acpi_button1: on acpi0
pcib0: port 0x6000-0x607f,0x5000-0x500f,0x4080-0x40ff,0x4000-0x407f,0xcf8-0xcff on acpi0
pci0: on pcib0
pcib0: slot 7 INTD is routed to irq 10
pcib0: slot 7 INTD is routed to irq 10
pcib0: slot 10 INTA is routed to irq 11
pcib0: slot 12 INTA is routed to irq 15
agp0: port 0xc000-0xc003 mem 0xef020000-0xef020fff,0xe8000000-0xebffffff at device 0.0 on pci0
pcib1: at device 1.0 on pci0
pci1: on pcib1
pci_cfgintr: 1:5 INTA BIOS irq 15
pci1: at device 5.0 (no driver attached)
isab0: at device 7.0 on pci0
isa0: on isab0
atapci0: port 0xc400-0xc40f at device 7.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata0: [MPSAFE]
ata1: at 0x170 irq 15 on atapci0
ata1: [MPSAFE]
uhci0: port 0xc800-0xc81f irq 10 at device 7.2 on pci0
usb0: on uhci0
usb0: USB revision 1.0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhub0: port error, restarting port 1
uhub0: port error, giving up port 1
uhub0: port error, restarting port 2
uhub0: port error, giving up port 2
uhci1: port 0xcc00-0xcc1f irq 10 at device 7.3 on pci0
usb1: on uhci1
usb1: USB revision 1.0
uhub1: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhub1: port error, restarting port 1
uhub1: port error, giving up port 1
uhub1: port error, restarting port 2
uhub1: port error, giving up port 2
viapropm0: SMBus I/O base at 0x5000
viapropm0: port 0x5000-0x500f at device 7.4 on pci0
viapropm0: SMBus revision code 0x40
smbus0: on viapropm0
smb0: on smbus0
fxp0: port 0xe000-0xe03f mem 0xef000000-0xef01ffff,0xef021000-0xef021fff irq 11 at device 10.0 on pci0
fxp0: Ethernet address 00:02:b3:5c:8c:e0
miibus0: on fxp0
inphy0: on miibus0
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
ahc0: port 0xe400-0xe4ff mem 0xef022000-0xef022fff irq 15 at device 12.0 on pci0
aic7892: Ultra160 Wide Channel A, SCSI Id=7, 32/253 SCBs
fdc0: port 0x3f7,0x3f0-0x3f5 irq 6 drq 2 on acpi0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
sio0 port 0x3f8-0x3ff irq 4 on acpi0
sio0: type 16550A, console
sio1 port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
ppc0 port 0x778-0x77b,0x378-0x37f irq 7 drq 3 on acpi0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/8 bytes threshold
ppbus0: on ppc0
plip0: on ppbus0
lpt0: on ppbus0
lpt0: Interrupt-driven port
ppi0: on ppbus0
atkbdc0: port 0x64,0x60 irq 1 on acpi0
atkbd0: flags 0x1 irq 1 on atkbdc0
kbd0 at atkbd0
psm0: irq 12 on atkbdc0
psm0: model IntelliMouse Explorer, device ID 4
orm0: