Date:      Sun, 5 Oct 1997 09:40:01 -0700 (PDT)
From:      Tor Egge <Tor.Egge@idi.ntnu.no>
To:        freebsd-bugs
Subject:   Re: kern/4630: buffer_map might become corrupted 
Message-ID:  <199710051640.JAA28689@hub.freebsd.org>

The following reply was made to PR kern/4630; it has been noted by GNATS.

From: Tor Egge <Tor.Egge@idi.ntnu.no>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Re: kern/4630: buffer_map might become corrupted
Date: Sun, 05 Oct 1997 18:32:34 +0200

 If the corrupted vm map entry ends with an address that is valid for
 most user processes, then the call to allocbuf might not cause a
 crash. Then several different buffers will start using the same bogus
 kva. It probably ends with a trap #12 or a panic due to consistency
 checks (e.g. freeing free inode). Syncing of the disks may then cause
 further corruption.
 
 I'm using the following patch in order to keep extra sanity checks in
 vm_map_entry_create and vm_map_entry_delete.
 
 Index: vfs_bio.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/kern/vfs_bio.c,v
 retrieving revision 1.128
 diff -c -r1.128 vfs_bio.c
 *** vfs_bio.c	1997/09/21 22:00:25	1.128
 --- vfs_bio.c	1997/10/05 02:36:29
 ***************
 *** 145,150 ****
 --- 145,152 ----
   
   extern int vm_swap_size;
   
 + static volatile int biodone_active;
 + 
   #define BUF_MAXUSE 24
   
   #define VFS_BIO_NEED_ANY 1
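Review bot: biodone_active is declared without a comment, and the later hunks use it two ways: as a nesting counter (++/--) and as a boolean test before bfreekva(bp). Add a comment saying what a non-zero value means, that it suppresses the kva free, and which priority level protects the updates, since volatile on its own does not make ++ and -- atomic.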
 ***************
 *** 662,668 ****
   		/*
   		 * Get rid of the kva allocation *now*
   		 */
 ! 		bfreekva(bp);
   
   	/* buffers with junk contents */
   	} else if (bp->b_flags & (B_ERROR | B_INVAL | B_NOCACHE | B_RELBUF)) {
 --- 669,676 ----
   		/*
   		 * Get rid of the kva allocation *now*
   		 */
 ! 		if (!biodone_active)
 ! 			bfreekva(bp);
   
   	/* buffers with junk contents */
   	} else if (bp->b_flags & (B_ERROR | B_INVAL | B_NOCACHE | B_RELBUF)) {
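Review bot: with the new guard, the comment directly above it ("Get rid of the kva allocation *now*") no longer holds whenever biodone_active is non-zero, and nothing in the patch shows where the skipped bfreekva(bp) is made up later. Update the comment to say the free is skipped while biodone_active is set, and name the code path that eventually releases the kva so a reader can confirm the allocation is not kept indefinitely.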
 ***************
 *** 1745,1751 ****
 --- 1753,1761 ----
   	/* call optional completion function if requested */
   	if (bp->b_flags & B_CALL) {
   		bp->b_flags &= ~B_CALL;
 + 		biodone_active++;
   		(*bp->b_iodone) (bp);
 + 		biodone_active--;
   		splx(s);
   		return;
   	}
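Review bot: the biodone_active++ / biodone_active-- pair around (*bp->b_iodone) (bp) is a plain read-modify-write, which is only safe while the priority level restored by the following splx(s) is still raised. A one-line comment stating that the decrement must stay ahead of splx(s) would keep a later reordering from opening a window where the counter is updated unprotected.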
 ***************
 *** 1872,1881 ****
 --- 1882,1893 ----
   	 */
   
   	if (bp->b_flags & B_ASYNC) {
 + 		biodone_active++;
   		if ((bp->b_flags & (B_NOCACHE | B_INVAL | B_ERROR | B_RELBUF)) != 0)
   			brelse(bp);
   		else
   			bqrelse(bp);
 + 		biodone_active--;
   	} else {
   		bp->b_flags &= ~B_WANTED;
   		wakeup(bp);
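Review bot: the counter is raised before the inner flag test, so it covers bqrelse(bp) as well as brelse(bp), yet the patch adds the biodone_active test at only one bfreekva call site. If bqrelse cannot reach that call, narrow the bracket to the brelse branch; if it can reach a different bfreekva call, that site needs the same guard. Unlike the B_CALL hunk, no splx(s) is visible here, so it is also worth confirming that the ++/-- run at the same raised priority level.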
 --------------
 
 - Tor Egge


