From owner-svn-src-all@FreeBSD.ORG Tue Jan 4 00:16:39 2011 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 345DC1065672; Tue, 4 Jan 2011 00:16:39 +0000 (UTC) (envelope-from cperciva@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 096E88FC14; Tue, 4 Jan 2011 00:16:39 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id p040Gcqi011000; Tue, 4 Jan 2011 00:16:38 GMT (envelope-from cperciva@svn.freebsd.org) Received: (from cperciva@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id p040GcNf010998; Tue, 4 Jan 2011 00:16:38 GMT (envelope-from cperciva@svn.freebsd.org) Message-Id: <201101040016.p040GcNf010998@svn.freebsd.org> From: Colin Percival Date: Tue, 4 Jan 2011 00:16:38 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r216944 - head/sys/i386/xen X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Jan 2011 00:16:39 -0000 Author: cperciva Date: Tue Jan 4 00:16:38 2011 New Revision: 216944 URL: http://svn.freebsd.org/changeset/base/216944 Log: Adjust the critical section protecting _xen_flush_queue to cover the entire range where the page mapping request queue needs to be atomically examined and modified. Oddly, while this doesn't seem to affect the overall rate of panics (running 'make index' on EC2 t1.micro instances, there are 0.6 +/- 0.1 panics per hour, both before and after this change), it eliminates vm_fault from panic backtraces, leaving only backtraces going through vmspace_fork. Modified: head/sys/i386/xen/xen_machdep.c Modified: head/sys/i386/xen/xen_machdep.c ============================================================================== --- head/sys/i386/xen/xen_machdep.c Tue Jan 4 00:11:09 2011 (r216943) +++ head/sys/i386/xen/xen_machdep.c Tue Jan 4 00:16:38 2011 (r216944) @@ -42,6 +42,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include @@ -249,10 +250,13 @@ _xen_flush_queue(void) SET_VCPU(); int _xpq_idx = XPQ_IDX; int error, i; - /* window of vulnerability here? */ +#ifdef INVARIANTS if (__predict_true(gdtset)) - critical_enter(); + KASSERT(curthread->td_critnest > 0, + ("xen queue flush should be in a critical section")); +#endif + XPQ_IDX = 0; /* Make sure index is cleared first to avoid double updates. */ error = HYPERVISOR_mmu_update((mmu_update_t *)&XPQ_QUEUE, @@ -286,8 +290,6 @@ _xen_flush_queue(void) } } #endif - if (__predict_true(gdtset)) - critical_exit(); if (__predict_false(error < 0)) { for (i = 0; i < _xpq_idx; i++) printf("val: %llx ptr: %llx\n", @@ -301,7 +303,12 @@ void xen_flush_queue(void) { SET_VCPU(); + + if (__predict_true(gdtset)) + critical_enter(); if (XPQ_IDX != 0) _xen_flush_queue(); + if (__predict_true(gdtset)) + critical_exit(); } static __inline void