From owner-svn-src-all@freebsd.org  Thu Oct 29 16:43:31 2015
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 75141A21F19
 for <svn-src-all@mailman.ysv.freebsd.org>;
 Thu, 29 Oct 2015 16:43:31 +0000 (UTC)
 (envelope-from Steve_Wahl@dell.com)
Received: from aussmtpmrkps320.us.dell.com (aussmtpmrkps320.us.dell.com
 [143.166.224.254]) (using TLSv1 with cipher RC4-SHA (128/128 bits))
 (Client CN "ausxipmktps31.us.dell.com",
 Issuer "Verizon Public SureServer CA G14-SHA1" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id EFD4E1CD3;
 Thu, 29 Oct 2015 16:43:30 +0000 (UTC)
 (envelope-from Steve_Wahl@dell.com)
X-Loopcount0: from 76.164.8.179
X-IronPort-AV: E=Sophos;i="5.20,215,1444712400"; d="scan'208";a="343520305"
From: Steven Wahl <Steve_Wahl@Dell.com>
To: "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>
CC: "kib@freebsd.org" <kib@freebsd.org>, "cem@freebsd.org" <cem@freebsd.org>, 
 "jhb@freebsd.org" <jhb@freebsd.org>, Eric Van Gyzen
 <Eric.VanGyzen@compellent.com>
Subject: re: svn commit: r290130 - head/sys/dev/ntb/ntb_hw 
Thread-Topic: svn commit: r290130 - head/sys/dev/ntb/ntb_hw 
Thread-Index: AQHREmhYIP7z3M/acka0k/Skv4RW5g==
Date: Thu, 29 Oct 2015 16:42:20 +0000
Message-ID: <bbf3208d2a4d40998c2154402208c016@mspexmb1.Beer.Town>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [172.31.101.0]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Oct 2015 16:43:31 -0000

We ran into this exact problem, pmap_change_attr not working right with lar=
ge bars.  I had been working up to seeing if this compiles on the current h=
ead, introducing myself to the community, seeing if this would be accepted.=
=0A=
=0A=
But looks like it's needed sooner, so in case it might save you some time, =
here's the patch we developed for this problem.=0A=
=0A=
--> Steve Wahl, Dell Compellent, Eden Prairie, MN=0A=
=0A=
=0A=
commit 7d112aa8767390cb9dd020325a9f23aaac7fe5a0=0A=
Author: swahl <steve_wahl@dell.com>=0A=
Date:   Thu Oct 1 14:36:48 2015 -0500=0A=
=0A=
    CQ00492954: FreeBSD traps on call to pmap_change_attr() with large PLX =
BAR=0A=
    =0A=
    If an address passed to pmap_change_attr() refers to a virtual address,=
=0A=
    the function must also change the direct mapping of this same=0A=
    region (if any) to match, or intel says the result is undefined.=0A=
    =0A=
    But the original code did not check if the virtual address actually fel=
l=0A=
    within the direct mapped region before attempting to make this change.=
=0A=
    The attempt to look up the direct mapped page entries returned NULL, an=
d=0A=
    this was dereferenced causing a panic.=0A=
    =0A=
    This is fixed by checking whether the address is outside of the direct=
=0A=
    mapped range before trying to change the direct mapped entries.=0A=
=0A=
diff --git a/src/sys/amd64/amd64/pmap.c b/src/sys/amd64/amd64/pmap.c=0A=
index fe09ace..dee22de 100644=0A=
--- a/src/sys/amd64/amd64/pmap.c=0A=
+++ b/src/sys/amd64/amd64/pmap.c=0A=
@@ -6268,7 +6268,7 @@ pmap_change_attr_locked(vm_offset_t va, vm_size_t siz=
e, int mode)=0A=
 	 */=0A=
 	for (tmpva =3D base; tmpva < base + size; ) {=0A=
 		pdpe =3D pmap_pdpe(kernel_pmap, tmpva);=0A=
-		if (*pdpe =3D=3D 0)=0A=
+		if (pdpe =3D=3D NULL || *pdpe =3D=3D 0)=0A=
 			return (EINVAL);=0A=
 		if (*pdpe & PG_PS) {=0A=
 			/*=0A=
@@ -6341,7 +6341,8 @@ pmap_change_attr_locked(vm_offset_t va, vm_size_t siz=
e, int mode)=0A=
 				    X86_PG_PDE_CACHE);=0A=
 				changed =3D TRUE;=0A=
 			}=0A=
-			if (tmpva >=3D VM_MIN_KERNEL_ADDRESS) {=0A=
+			if (tmpva >=3D VM_MIN_KERNEL_ADDRESS &&=0A=
+			    (*pdpe & PG_PS_FRAME) < dmaplimit) {=0A=
 				if (pa_start =3D=3D pa_end) {=0A=
 					/* Start physical address run. */=0A=
 					pa_start =3D *pdpe & PG_PS_FRAME;=0A=
@@ -6370,7 +6371,8 @@ pmap_change_attr_locked(vm_offset_t va, vm_size_t siz=
e, int mode)=0A=
 				    X86_PG_PDE_CACHE);=0A=
 				changed =3D TRUE;=0A=
 			}=0A=
-			if (tmpva >=3D VM_MIN_KERNEL_ADDRESS) {=0A=
+			if (tmpva >=3D VM_MIN_KERNEL_ADDRESS &&=0A=
+			    (*pde & PG_PS_FRAME) < dmaplimit) {=0A=
 				if (pa_start =3D=3D pa_end) {=0A=
 					/* Start physical address run. */=0A=
 					pa_start =3D *pde & PG_PS_FRAME;=0A=
@@ -6397,7 +6399,8 @@ pmap_change_attr_locked(vm_offset_t va, vm_size_t siz=
e, int mode)=0A=
 				    X86_PG_PTE_CACHE);=0A=
 				changed =3D TRUE;=0A=
 			}=0A=
-			if (tmpva >=3D VM_MIN_KERNEL_ADDRESS) {=0A=
+			if (tmpva >=3D VM_MIN_KERNEL_ADDRESS &&=0A=
+			    (*pte & PG_FRAME) < dmaplimit) {=0A=
 				if (pa_start =3D=3D pa_end) {=0A=
 					/* Start physical address run. */=0A=
 					pa_start =3D *pte & PG_FRAME;=0A=