Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 1 Jan 2021 10:52:23 -0800
From:      Ryan Libby <rlibby@freebsd.org>
To:        meloun.michal@gmail.com
Cc:        src-committers <src-committers@freebsd.org>, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
Subject:   Re: git: 942951ba46ec - main - uma dbg: catch more corruption with atomics
Message-ID:  <CAHgpiFzvm8ZHXj2hOgRLpEMA1eAXpaaew4qBCjo5=cx5ndd2Yg@mail.gmail.com>
In-Reply-To: <d89b9ec0-29bd-3a54-7927-a9b49bde394c@gmail.com>
References:  <202012312103.0BVL3dGu073808@gitrepo.freebsd.org> <d89b9ec0-29bd-3a54-7927-a9b49bde394c@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
--00000000000047bf4105b7db3eab
Content-Type: text/plain; charset="UTF-8"

On Fri, Jan 1, 2021 at 5:46 AM Michal Meloun <meloun.michal@gmail.com> wrote:
>
>
>
> On 31.12.2020 22:03, Ryan Libby wrote:
> > The branch main has been updated by rlibby:
> >
> > URL: https://cgit.FreeBSD.org/src/commit/?id=942951ba46ecd5ebab18de006a24dc52e2d3f745
> >
> > commit 942951ba46ecd5ebab18de006a24dc52e2d3f745
> > Author:     Ryan Libby <rlibby@FreeBSD.org>
> > AuthorDate: 2020-12-31 21:02:45 +0000
> > Commit:     Ryan Libby <rlibby@FreeBSD.org>
> > CommitDate: 2020-12-31 21:02:45 +0000
> >
> >      uma dbg: catch more corruption with atomics
> >
> >      Use atomic testandset and testandclear to catch concurrent double free,
> >      and to reduce the number of atomic operations.
> >
> >      Submitted by:   jeff
> >      Reviewed by:    cem, kib, markj (all previous version)
> >      Sponsored by:   Dell EMC Isilon
> >      Differential Revision:  https://reviews.freebsd.org/D22703
> Unfortunately, this broke arm and arm64 kernel with random
> 'duplicate alloc'/'duplicate free' panics.
>
> Michal
>

Thanks for the report.  It's probably going to be several hours before I
can dig into this properly.  A GENERIC-NODEBUG kernel should avoid the
problem.

>From a quick scan of source, it looks to me like arm64's
atomic_testand{set,clear}_64 are broken because of a wrong mask value
under _ATOMIC_TEST_OP_IMPL(64, ...).

If you would like to test a patch, you could try the one attached
(only compile tested on my end).

Ryan

> > ---
> >   sys/vm/uma_core.c | 9 ++++-----
> >   1 file changed, 4 insertions(+), 5 deletions(-)
> >
> > diff --git a/sys/vm/uma_core.c b/sys/vm/uma_core.c
> > index a0192642205d..39c846effac8 100644
> > --- a/sys/vm/uma_core.c
> > +++ b/sys/vm/uma_core.c
> > @@ -5392,10 +5392,10 @@ uma_dbg_alloc(uma_zone_t zone, uma_slab_t slab, void *item)
> >       keg = zone->uz_keg;
> >       freei = slab_item_index(slab, keg, item);
> >
> > -     if (BIT_ISSET(keg->uk_ipers, freei, slab_dbg_bits(slab, keg)))
> > +     if (BIT_TEST_SET_ATOMIC(keg->uk_ipers, freei,
> > +         slab_dbg_bits(slab, keg)))
> >               panic("Duplicate alloc of %p from zone %p(%s) slab %p(%d)",
> >                   item, zone, zone->uz_name, slab, freei);
> > -     BIT_SET_ATOMIC(keg->uk_ipers, freei, slab_dbg_bits(slab, keg));
> >   }
> >
> >   /*
> > @@ -5426,11 +5426,10 @@ uma_dbg_free(uma_zone_t zone, uma_slab_t slab, void *item)
> >               panic("Unaligned free of %p from zone %p(%s) slab %p(%d)",
> >                   item, zone, zone->uz_name, slab, freei);
> >
> > -     if (!BIT_ISSET(keg->uk_ipers, freei, slab_dbg_bits(slab, keg)))
> > +     if (!BIT_TEST_CLR_ATOMIC(keg->uk_ipers, freei,
> > +         slab_dbg_bits(slab, keg)))
> >               panic("Duplicate free of %p from zone %p(%s) slab %p(%d)",
> >                   item, zone, zone->uz_name, slab, freei);
> > -
> > -     BIT_CLR_ATOMIC(keg->uk_ipers, freei, slab_dbg_bits(slab, keg));
> >   }
> >   #endif /* INVARIANTS */
> >
> >

--00000000000047bf4105b7db3eab
Content-Type: text/x-patch; charset="US-ASCII"; 
	name="0001-arm64-fix-mask-in-atomic_test-64-ops.patch"
Content-Disposition: attachment; 
	filename="0001-arm64-fix-mask-in-atomic_test-64-ops.patch"
Content-Transfer-Encoding: base64
Content-ID: <f_kjemqbwc0>
X-Attachment-Id: f_kjemqbwc0

RnJvbSA0ZmIxZDQxMjYzNmJmNmZlNTlkMDQ1N2U3ZGQxN2RhNWU1OWNlNTVmIE1vbiBTZXAgMTcg
MDA6MDA6MDAgMjAwMQpGcm9tOiBSeWFuIExpYmJ5IDxybGliYnlARnJlZUJTRC5vcmc+CkRhdGU6
IEZyaSwgMSBKYW4gMjAyMSAxMDo0MzowMyAtMDgwMApTdWJqZWN0OiBbUEFUQ0hdIGFybTY0OiBm
aXggbWFzayBpbiBhdG9taWNfdGVzdCA2NCBvcHMKClRoZXNlIG1hY3JvcyBnZW5lcmF0ZSBib3Ro
IHRoZSAzMiBhbmQgNjQtYml0IG9wcyBidXQgdGhlIG1hc2sgd2FzIGhhcmQKY29kZWQgZm9yIDMy
LWJpdCBvcHMuCi0tLQogc3lzL2FybTY0L2luY2x1ZGUvYXRvbWljLmggfCA0ICsrLS0KIDEgZmls
ZSBjaGFuZ2VkLCAyIGluc2VydGlvbnMoKyksIDIgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEv
c3lzL2FybTY0L2luY2x1ZGUvYXRvbWljLmggYi9zeXMvYXJtNjQvaW5jbHVkZS9hdG9taWMuaApp
bmRleCA5OWRkNzNkNGY4NWYuLjljNWQ2MjI0ZjNlMiAxMDA2NDQKLS0tIGEvc3lzL2FybTY0L2lu
Y2x1ZGUvYXRvbWljLmgKKysrIGIvc3lzL2FybTY0L2luY2x1ZGUvYXRvbWljLmgKQEAgLTQwOSw3
ICs0MDksNyBAQCBfQVRPTUlDX1RFU1RfT1BfUFJPVE8odCwgb3AsIF9sbHNjKQkJCQkJXAogCXVp
bnQjI3QjI190IG1hc2ssIG9sZCwgdG1wOwkJCQkJXAogCWludCByZXM7CQkJCQkJCVwKIAkJCQkJ
CQkJCVwKLQltYXNrID0gMXUgPDwgKHZhbCAmIDB4MWYpOwkJCQkJXAorCW1hc2sgPSAoKHVpbnQj
I3QjI190KTEpIDw8ICh2YWwgJiAodCAtIDEpKTsJCQlcCiAJX19hc20gX192b2xhdGlsZSgJCQkJ
CQlcCiAJICAgICIxOiBsZHhyCQklIiN3IjIsIFslM11cbiIJCQkJXAogCSAgICAiICAiI2xsc2Nf
YXNtX29wIgklIiN3IjAsICUiI3ciMiwgJSIjdyI0XG4iCQlcCkBAIC00MjcsNyArNDI3LDcgQEAg
X0FUT01JQ19URVNUX09QX1BST1RPKHQsIG9wLCBfbHNlKQkJCQkJXAogewkJCQkJCQkJCVwKIAl1
aW50IyN0IyNfdCBtYXNrLCBvbGQ7CQkJCQkJXAogCQkJCQkJCQkJXAotCW1hc2sgPSAxdSA8PCAo
dmFsICYgMHgxZik7CQkJCQlcCisJbWFzayA9ICgodWludCMjdCMjX3QpMSkgPDwgKHZhbCAmICh0
IC0gMSkpOwkJCVwKIAlfX2FzbSBfX3ZvbGF0aWxlKAkJCQkJCVwKIAkgICAgIi5hcmNoX2V4dGVu
c2lvbiBsc2VcbiIJCQkJCVwKIAkgICAgImxkIiNsc2VfYXNtX29wIgklIiN3IjIsICUiI3ciMCwg
WyUxXVxuIgkJCVwKLS0gCjIuMzAuMAoK
--00000000000047bf4105b7db3eab--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHgpiFzvm8ZHXj2hOgRLpEMA1eAXpaaew4qBCjo5=cx5ndd2Yg>