Date: Mon, 9 Sep 2013 10:11:12 +0300
From: Konstantin Belousov
To: Oliver Pinter
Subject: Re: 9.2-STABLE: supervisor read data, page not present
Message-ID: <20130909071112.GI41229@kib.kiev.ua>
References: <20130909051444.GG41229@kib.kiev.ua>
Cc: stable@freebsd.org

On Mon, Sep 09, 2013 at 08:45:21AM +0200, Oliver Pinter wrote:
> On 9/9/13, Konstantin Belousov wrote:
> > On Sun, Sep 08, 2013 at 11:40:01PM +0200, Oliver Pinter wrote:
> >> #6 0xffffffff806a2ab3 in cpuctl_ioctl (dev=,
> >> cmd=, data=, flags=0,
> >> td=) at /usr/src/sys/dev/cpuctl/cpuctl.c:478
> >> cpu =
> >> ret =
> >
> > Do you indeed possess VIA CPU ? Was it due to some violence act ?
>
> Nope, this is an Intel Q9300.
>
> FreeBSD clang version 3.3 (tags/RELEASE_33/final 183502) 20130610
> CPU: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz (2499.76-MHz K8-class CPU)
> Origin = "GenuineIntel" Id = 0x10677 Family = 0x6 Model = 0x17
> Stepping = 7
> Features=0xbfebfbff
> Features2=0x8e3fd
> AMD Features=0x20100800
> AMD Features2=0x1
> TSC: P-state invariant, performance statistics
> real memory = 4294967296 (4096 MB)
> avail memory = 4103024640 (3912 MB)
> Event timer "LAPIC" quality 400
> ACPI APIC Table:
> FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
> FreeBSD/SMP: 1 package(s) x 4 core(s)
> cpu0 (BSP): APIC ID: 0
> cpu1 (AP): APIC ID: 1
> cpu2 (AP): APIC ID: 2
> cpu3 (AP): APIC ID: 3

Intel update code has the same issue. Still, it is weird that the debugger
reported the line from the update_via().

>
>
> >
> > I am not sure about the first panic, let's fix the malloc/free corruption
> > and see. The proc_reap() issue might be a consequence of the memory
> > corruption from the wrong free().
> >
> > There is no public documentation for VIA CPUs, at least I was not
> > able to find anything when I looked. According to the comment in the
> > update_via(), all what is needed is that update buffer was 4-bytes
> > aligned, which is always guaranteed by our malloc(9), at least for the
> > allocation of size >=4.
> >
> > Try this.

Updated patch.

diff --git a/sys/dev/cpuctl/cpuctl.c b/sys/dev/cpuctl/cpuctl.c index 4e5abb2..317fc08 100644 --- a/sys/dev/cpuctl/cpuctl.c +++ b/sys/dev/cpuctl/cpuctl.c @@ -295,10 +295,10 @@ cpuctl_do_update(int cpu, cpuctl_update_args_t *data,= struct thread *td) static int update_intel(int cpu, cpuctl_update_args_t *args, struct thread *td) { - void *ptr =3D NULL; + void *ptr; uint64_t rev0, rev1; uint32_t tmp[4]; - int is_bound =3D 0; + int is_bound; int oldcpu; int ret; =20
@@ -312,10 +312,11 @@ update_intel(int cpu, cpuctl_update_args_t *args, str= uct thread *td) } =20 /* - * 16 byte alignment required. + * 16 byte alignment required. Rely on the fact that + * malloc(9) always returns the pointer aligned at least on + * the size of the allocation. */ ptr =3D malloc(args->size + 16, M_CPUCTL, M_WAITOK); - ptr =3D (void *)(16 + ((intptr_t)ptr & ~0xf)); if (copyin(args->data, ptr, args->size) !=3D 0) { DPRINTF("[cpuctl,%d]: copyin %p->%p of %zd bytes failed", __LINE__, args->data, ptr, args->size); @@ -408,10 +409,10 @@ fail: static int update_via(int cpu, cpuctl_update_args_t *args, struct thread *td) { - void *ptr =3D NULL; + void *ptr; uint64_t rev0, rev1, res; uint32_t tmp[4]; - int is_bound =3D 0; + int is_bound; int oldcpu; int ret; =20 
@@ -427,8 +428,7 @@ update_via(int cpu, cpuctl_update_args_t *args, struct = thread *td) /* * 4 byte alignment required. */ - ptr =3D malloc(args->size + 16, M_CPUCTL, M_WAITOK); - ptr =3D (void *)(16 + ((intptr_t)ptr & ~0xf)); + ptr =3D malloc(args->size, M_CPUCTL, M_WAITOK); if (copyin(args->data, ptr, args->size) !=3D 0) { DPRINTF("[cpuctl,%d]: copyin %p->%p of %zd bytes failed", __LINE__, args->data, ptr, args->size);
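Review bot: In the update_intel hunk at @@ -295, dropping the "= NULL" and "= 0" initializers leaves ptr and is_bound indeterminate until they are first assigned, and the function has a fail: exit (visible in the @@ -408 hunk header). Please confirm that no goto fail or other cleanup path can be reached before the malloc() call and before is_bound is set; if one can, keep the initializers. The same check applies to the identical change in update_via at @@ -408.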
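Review bot: In the update_intel hunk at @@ -312, the allocation is still malloc(args->size + 16, ...) although the round-up line that consumed the extra 16 bytes is removed, and the new comment does not say why the padding stays. Either drop the "+ 16" as the update_via hunk does, or state in the comment that it is there to keep the request at 16 bytes or more so that the alignment assumption the comment describes covers the 16-byte requirement.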
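Review bot: In the update_via hunk at @@ -427, the comment still reads only "4 byte alignment required." while the code now depends on malloc(9) returning a suitably aligned pointer for malloc(args->size, ...). The message says this holds for allocations of size >= 4, so the comment should record that assumption as the update_intel comment does, and nothing visible in this hunk shows args->size being checked against that minimum before the call.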
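An added example, not part of the original message or the FreeBSD source: a userspace C illustration of the alternative to the removed round-up lines, which overwrote ptr so that a later free() no longer received the address malloc() returned. It keeps the returned pointer for free() and stores the aligned pointer separately. The names aligned_buf, aligned_buf_alloc, aligned_buf_free and aligned_buf_selftest are hypothetical, and it uses libc malloc(3) rather than the kernel's malloc(9).

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type: pairs the pointer malloc() returned with the aligned one. */
struct aligned_buf {
	void *base;	/* exactly what malloc() returned; the only value to free */
	void *data;	/* base rounded up to the requested alignment */
	size_t size;	/* usable bytes starting at data */
};

/* align must be a power of two. Returns 0 on success, -1 on bad input or OOM. */
static int aligned_buf_alloc(struct aligned_buf *b, size_t size, size_t align)
{
	if (align == 0 || (align & (align - 1)) != 0)
		return (-1);
	if (size > SIZE_MAX - (align - 1))	/* size + padding would wrap */
		return (-1);
	b->base = malloc(size + align - 1);
	if (b->base == NULL)
		return (-1);
	b->data = (void *)(((uintptr_t)b->base + align - 1) &
	    ~((uintptr_t)align - 1));
	b->size = size;
	return (0);
}

static void aligned_buf_free(struct aligned_buf *b)
{
	free(b->base);	/* never b->data: it may point inside the allocation */
	b->base = b->data = NULL;
}

/* Returns 1 if data is aligned, within the padding, and size bytes are writable. */
static int aligned_buf_selftest(size_t size, size_t align)
{
	struct aligned_buf b;
	int ok;

	if (aligned_buf_alloc(&b, size, align) != 0)
		return (0);
	ok = ((uintptr_t)b.data % align) == 0 &&
	    (uintptr_t)b.data - (uintptr_t)b.base < align;
	memset(b.data, 0xa5, b.size);	/* fits: offset + size <= size + align - 1 */
	aligned_buf_free(&b);
	return (ok && b.base == NULL);
}

int main(void) { return (aligned_buf_selftest(100, 16) ? 0 : 1); }
```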