Date: Sat, 21 Dec 2013 16:55:34 +0200
From: Konstantin Belousov
To: Peter Wemm
Cc: "freebsd-stable@freebsd.org"
Subject: Re: 10.0 BETA 3 with redports kernel panic

On Fri, Dec 20, 2013 at 11:29:40AM -0800, Peter Wemm wrote:
> On Fri, Dec 20, 2013 at 8:22 AM, Konstantin Belousov wrote:
> > On Fri, Dec 20, 2013 at 07:45:55AM -0800, Sean Bruno wrote:
> >> With this change to pmap.c we blow up in keg_alloc_slab() now:
> >>
> >> FreeBSD clang version 3.3 (tags/RELEASE_33/final 183502) 20130610
> >> kernel trap 12 with interrupts disabled
> >>
> >>
> >> Fatal trap 12: page fault while in kernel mode
> >> cpuid = 0; apic id = 00
> >> fault virtual address = 0x8
> >> fault code = supervisor write data, page not present
> >> instruction pointer = 0x20:0xffffffff80b2602a
> >> stack pointer = 0x28:0xffffffff81a90a50
> >> frame pointer = 0x28:0xffffffff81a90ac0
> >> code segment = base 0x0, limit 0xfffff, type 0x1b
> >> = DPL 0, pres 1, long 1, def32 0, gran 1
> >> processor eflags = resume, IOPL = 0
> >> current process = 0 ()
> >> [ thread pid 0 tid 0 ]
> >> Stopped at keg_alloc_slab+0x13a: movq %r13,0x8(%rax)
> >> db> whe
> >> Tracing pid 0 tid 0 td 0xffffffff81527500
> >> keg_alloc_slab() at keg_alloc_slab+0x13a/frame 0xffffffff81a90ac0
> >> keg_fetch_slab() at keg_fetch_slab+0x152/frame 0xffffffff81a90b10
> >> zone_fetch_slab() at zone_fetch_slab+0x7e/frame 0xffffffff81a90b50
> >> zone_import() at zone_import+0x3c/frame 0xffffffff81a90b90
> >> uma_zalloc_arg() at uma_zalloc_arg+0x33e/frame 0xffffffff81a90c10
> >> malloc() at malloc+0x6a/frame 0xffffffff81a90c60
> >> init_dynamic_kenv() at init_dynamic_kenv+0x8d/frame 0xffffffff81a90c90
> >> mi_startup() at mi_startup+0x118/frame 0xffffffff81a90cb0
> >> btext() at btext+0x2c
> >> db> bt
> >> Tracing pid 0 tid 0 td 0xffffffff81527500
> >> keg_alloc_slab() at keg_alloc_slab+0x13a/frame 0xffffffff81a90ac0
> >> keg_fetch_slab() at keg_fetch_slab+0x152/frame 0xffffffff81a90b10
> >> zone_fetch_slab() at zone_fetch_slab+0x7e/frame 0xffffffff81a90b50
> >> zone_import() at zone_import+0x3c/frame 0xffffffff81a90b90
> >> uma_zalloc_arg() at uma_zalloc_arg+0x33e/frame 0xffffffff81a90c10
> >> malloc() at malloc+0x6a/frame 0xffffffff81a90c60
> >> init_dynamic_kenv() at init_dynamic_kenv+0x8d/frame 0xffffffff81a90c90
> >> mi_startup() at mi_startup+0x118/frame 0xffffffff81a90cb0
> >> btext() at btext+0x2c
> >>
> >
> > This could be related, indeed.
> >
> > Let's limit the impact to the /dev/{,k}mem only. Please try this.
> >
> > diff --git a/sys/amd64/amd64/mem.c b/sys/amd64/amd64/mem.c > > index abbbb21..2a9b7c1 100644 > > --- a/sys/amd64/amd64/mem.c > > +++ b/sys/amd64/amd64/mem.c
> > @@ -98,7 +98,11 @@ memrw(struct cdev *dev, struct uio *uio, int flags) > > kmemphys: > > o =3D v & PAGE_MASK; > > c =3D min(uio->uio_resid, (u_int)(PAGE_SIZE - o= )); > > - error =3D uiomove((void *)PHYS_TO_DMAP(v), (int= )c, uio); > > + v =3D PHYS_TO_DMAP(v); > > + if (v < DMAP_MIN_ADDRESS || v >=3D dmaplimit || > > + pmap_kextract(v) =3D=3D 0) > > + return (EFAULT); > > + error =3D uiomove((void *)v, (int)c, uio); > > continue; > > } > > else if (dev2unit(dev) =3D=3D CDEV_MINOR_KMEM) { > > diff --git a/sys/amd64/amd64/pmap.c b/sys/amd64/amd64/pmap.c > > index 014020b..13404b0 100644 > > --- a/sys/amd64/amd64/pmap.c > > +++ b/sys/amd64/amd64/pmap.c > > @@ -321,7 +321,7 @@ SYSCTL_INT(_machdep, OID_AUTO, nkpt, CTLFLAG_RD, &n= kpt, 0, > > "Number of kernel page table pages allocated on bootup"); > > > > static int ndmpdp; > > -static vm_paddr_t dmaplimit; > > +vm_paddr_t dmaplimit; > > vm_offset_t kernel_vm_end =3D VM_MIN_KERNEL_ADDRESS; > > pt_entry_t pg_nx; > > > > diff --git a/sys/amd64/include/pmap.h b/sys/amd64/include/pmap.h > > index 3918282..e83e07e 100644 > > --- a/sys/amd64/include/pmap.h > > +++ b/sys/amd64/include/pmap.h 
> > @@ -369,6 +369,7 @@ extern vm_paddr_t phys_avail[]; > > extern vm_paddr_t dump_avail[]; > > extern vm_offset_t virtual_avail; > > extern vm_offset_t virtual_end; > > +extern vm_paddr_t dmaplimit; > > > > #define pmap_page_get_memattr(m) ((vm_memattr_t)(m)->md.= pat_mode) > > #define pmap_page_is_write_mapped(m) (((m)->aflags & PGA_WRI= TEABLE) !=3D 0)
>
> The reason why the dmaplimit change originally exploded was because
> dmaplimit is set to zero for the duration of while we're running on
> the page tables given to us by the loader. I believe initializing
> dmaplimit to DMAP_MAX_ADDRESS rather than zero would have solved the
> original explosions.

The dmaplimit is initialized in
hammer_time->pmap_bootstrap->getmemsize->create_pagetable().
The backtrace above should be much later in the boot sequence, note that
mi_startup() was already running.

I believe that my previous change just broke vsetslab()/vtoslab().
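Review bot: In the sys/amd64/amd64/mem.c hunk, the new bounds check runs after `v = PHYS_TO_DMAP(v)`, so `v >= dmaplimit` compares a direct-map virtual address against a variable that the pmap.c hunk declares as `vm_paddr_t`. If dmaplimit holds a physical limit, as its type indicates, the comparison mixes address spaces and is likely to be true for every direct-map address, which would turn all /dev/mem reads on this path into EFAULT. Either test the physical `v` against `dmaplimit` before translating it, or compare the translated address against `DMAP_MIN_ADDRESS + dmaplimit`. It is also worth checking that the direct `return (EFAULT)` is intended here, since the surrounding lines set `error` and `continue` instead of returning from inside the loop.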
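Review bot: Dropping `static` from `dmaplimit` in the sys/amd64/amd64/pmap.c hunk exports a writable pmap-internal variable with no comment on what kind of address it holds or when it becomes valid. Add a comment at the definition, and at the matching `extern vm_paddr_t dmaplimit;` in pmap.h, stating that it is a `vm_paddr_t` bound and at which point in boot it is initialized, or expose it through a small read-only accessor, so that consumers such as memrw() compare it against the right kind of address and cannot modify it.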