Date: Thu, 4 Mar 2004 18:55:24 -0800
From: Marcel Moolenaar
To: Nate Lawson
cc: alc@freebsd.org
cc: rwatson@freebsd.org
cc: current@freebsd.org
Subject: Re: bug in vm_contig.c? [was: Re: ACPI crash with recent changes]
Message-ID: <20040305025524.GA601@dhcp01.pn.xcllnt.net>
References: <20040304025223.GA622@dhcp01.pn.xcllnt.net> <20040304161108.U26303@root.org>
In-Reply-To: <20040304161108.U26303@root.org>

On Thu, Mar 04, 2004 at 04:16:20PM -0800, Nate Lawson wrote:
> Try reverting these two changes. This is not an ACPI problem. The fact
> that ACPI needs to allocate some memory early on in the boot for its sleep
> code is what triggers this bug.
>
> src/sys/vm/vm_contig.c:1.31
> src/sys/vm/vm_page.c:1.277
>
> http://docs.freebsd.org/cgi/getmsg.cgi?fetch=326708+0+current/cvs-src
>
> I think the bug is the loop accessing i - 1 right from the start. It may
> be correct to do: for (i = start + 1; ...
> But I don't know this section of the code.

Yes, start can be and is 0 at that moment. Hence, i can be 0 and
i - 1 can be fatal. Initializing the loop with start + 1 fixes the
problem. To be precise, we're talking about:

Index: vm_contig.c =================================================================== RCS file: /home/ncvs/src/sys/vm/vm_contig.c,v retrieving revision 1.31 diff -u -r1.31 vm_contig.c --- vm_contig.c 2 Mar 2004 08:25:58 -0000 1.31 +++ vm_contig.c 5 Mar 2004 02:41:38 -0000 
@@ -230,7 +230,7 @@ } } mtx_lock_spin(&vm_page_queue_free_mtx); - for (i = start; i < (start + size / PAGE_SIZE); i++) { + for (i = start + 1; i < (start + size / PAGE_SIZE); i++) { pqtype = pga[i].queue - pga[i].pc; if ((VM_PAGE_TO_PHYS(&pga[i]) != (VM_PAGE_TO_PHYS(&pga[i - 1]) + PAGE_SIZE)) || -- Marcel Moolenaar USPA: A-39004 marcel@xcllnt.net
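Review bot: Starting the loop at `start + 1` removes the `pga[i - 1]` read at index -1, but it also means the loop body never runs for `pga[start]`: `pqtype` is never computed for the first page, and whatever per-page test follows the `||` in the condition (cut off in the visible context) is no longer applied to it. When `size / PAGE_SIZE` is 1 the loop does not execute at all, so the single page in the run is not rechecked under `vm_page_queue_free_mtx`. Consider keeping `i = start` and guarding only the contiguity comparison with `i > start`, or checking `pga[start]` explicitly before the loop, so the out-of-bounds read is fixed without dropping the first page from the per-page check. A short comment saying that `start` can be 0 here would also explain why the previous-page comparison has to be skipped for the first iteration.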