Date: Sun, 18 Aug 2013 21:36:22 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r254501 - head/sys/amd64/amd64 Message-ID: <201308182136.r7ILaMAb093192@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kib Date: Sun Aug 18 21:36:22 2013 New Revision: 254501 URL: http://svnweb.freebsd.org/changeset/base/254501 Log: When code from r254064 in pmap_ts_referenced() drops pv lock and blocks on a pmap lock, pmap_release() might proceed in parallel and destroy the pmap mutex, since unlocked pv lock allows to remove pv entry owned by the pmap. For now, gate the pmap_release() on write-locked pvh_global_lock. Since pmap_ts_release() does not unlock the global lock, pmap_release() would not destroy pmap mutex until the pmap_ts_referenced() finished. We cannot enter pmap_ts_referenced() and encounter a pv entry for the destroyed pmap if pmap_release() passed the global lock gate, since pmap_remove_pages() would finish earlier. Reported by: jeff, pho Reviewed by: alc Tested by: pho Sponsored by: The FreeBSD Foundation Modified: head/sys/amd64/amd64/pmap.c Modified: head/sys/amd64/amd64/pmap.c ============================================================================== --- head/sys/amd64/amd64/pmap.c Sun Aug 18 20:40:13 2013 (r254500) +++ head/sys/amd64/amd64/pmap.c Sun Aug 18 21:36:22 2013 (r254501) @@ -1959,6 +1959,9 @@ pmap_release(pmap_t pmap) KASSERT(vm_radix_is_empty(&pmap->pm_root), ("pmap_release: pmap has reserved page table page(s)")); + rw_wlock(&pvh_global_lock); + rw_wunlock(&pvh_global_lock); + m = PHYS_TO_VM_PAGE(pmap->pm_pml4[PML4PML4I] & PG_FRAME); for (i = 0; i < NKPML4E; i++) /* KVA */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201308182136.r7ILaMAb093192>