Date: Tue, 8 Nov 2016 15:07:42 +0100
From: Sebastian Huber <sebastian.huber@embedded-brains.de>
To: FreeBSD <freebsd-hackers@freebsd.org>
Subject: Should page allocator zero the pages for UMA?
Message-ID: <5821DC2E.9020302@embedded-brains.de>

Hello,

we use the FreeBSD network, USB and SD/MMC card stacks for the real-time
operating system RTEMS:

https://git.rtems.org/rtems-libbsd

I am currently updating from FreeBSD 9.3 to head. We use the UMA from FreeBSD
with a custom page allocator:

https://git.rtems.org/rtems-libbsd/tree/rtemsbsd/rtems/rtems-kernel-page.c

The FreeBSD 9.3 based port worked well with uninitialized pages, e.g.
random or previous content. However, after the update to head I had to
zero initialize the pages. One issue was an incomplete

struct inpcb {
[...]
	struct inpcbport *inp_phd;	/* (i/h) head of this list */
#define inp_zero_size offsetof(struct inpcb, inp_gencnt)
	inp_gen_t	inp_gencnt;	/* (c) generation count */
	struct llentry	*inp_lle;	/* cached L2 information */
	struct rwlock	inp_lock;
	rt_gen_t	inp_rt_cookie;	/* generation for route entry */
	union {				/* cached L3 information */
		struct route inpu_route;
		struct route_in6 inpu_route6;
	} inp_rtu;
#define inp_route inp_rtu.inpu_route
#define inp_route6 inp_rtu.inpu_route6
};

initialization. The initialization consists of two parts:

static int
udp_inpcb_init(void *mem, int size, int flags)
{
	struct inpcb *inp;

	inp = mem;
	INP_LOCK_INIT(inp, "inp", "udpinp");
	return (0);
}

/*
 * Allocate a PCB and associate it with the socket.
 * On success return with the PCB locked.
 */
int
in_pcballoc(struct socket *so, struct inpcbinfo *pcbinfo)
{
	struct inpcb *inp;
	int error;

#ifdef INVARIANTS
	if (pcbinfo == &V_tcbinfo) {
		INP_INFO_RLOCK_ASSERT(pcbinfo);
	} else {
		INP_INFO_WLOCK_ASSERT(pcbinfo);
	}
#endif

	error = 0;
	inp = uma_zalloc(pcbinfo->ipi_zone, M_NOWAIT);
	if (inp == NULL)
		return (ENOBUFS);
	bzero(inp, inp_zero_size);
	inp->inp_pcbinfo = pcbinfo;
	inp->inp_socket = so;
	inp->inp_cred = crhold(so->so_cred);
	inp->inp_inc.inc_fibnum = so->so_fibnum;
[...]

This leaves at least inp_route uninitialized, leading to a crash during
destruction, e.g.

	if (inp->inp_route.ro_rt) {
		RTFREE(inp->inp_route.ro_rt);
		inp->inp_route.ro_rt = (struct rtentry *)NULL;
	}

uses uninitialized data.

Did something in the page allocator change between FreeBSD 9.3 and
trunk, so that pages are now zero initialized, or is this a bug in
udp_inpcb_init()?

-- 
Sebastian Huber, embedded brains GmbH

Address : Dornierstr. 4, D-82178 Puchheim, Germany
Phone   : +49 89 189 47 41-16
Fax     : +49 89 189 47 41-09
E-Mail  : sebastian.huber@embedded-brains.de
PGP     : Public key available on request.

This message is not a business communication within the meaning of the EHUG.
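
The partial initialization described in the message, modelled as an added C example that is not part of the original e-mail and is not FreeBSD code. `struct pcb`, `page_alloc()` and `stale_route_after_alloc()` are hypothetical stand-ins that keep only the `offsetof()` marker, the lock-only init step and the `bzero()` up to the marker; the 0xA5 fill is a constructed substitute for "random or previous content".

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for struct inpcb; only the layout idea is kept. */
struct pcb {
	void *socket;
	void *phd;
#define pcb_zero_size offsetof(struct pcb, gencnt)
	uint64_t gencnt;	/* first member NOT covered by the bzero */
	int lock;		/* set up by the zone init function */
	void *route_rt;		/* plays the role of inp_route.ro_rt */
};

/* Constructed page allocator: zero-filled or dirty (0xA5) memory. */
static void *page_alloc(size_t n, int zeroed)
{
	void *p = malloc(n);

	if (p != NULL)
		memset(p, zeroed ? 0 : 0xA5, n);
	return p;
}

/*
 * Mirrors udp_inpcb_init() followed by the bzero() in in_pcballoc().
 * Returns 1 if the route pointer is left non-NULL (the destructor would
 * then pass it to RTFREE), 0 if it is NULL, -1 on allocation failure.
 */
static int stale_route_after_alloc(int zeroed_pages)
{
	struct pcb *p = page_alloc(sizeof(*p), zeroed_pages);
	int stale;

	if (p == NULL)
		return -1;
	p->lock = 1;			/* init: only the lock is touched */
	memset(p, 0, pcb_zero_size);	/* alloc: zero up to the marker only */
	stale = (p->route_rt != NULL);
	free(p);
	return stale;
}

int main(void)
{
	printf("dirty pages:  stale route pointer = %d\n", stale_route_after_alloc(0));
	printf("zeroed pages: stale route pointer = %d\n", stale_route_after_alloc(1));
	return 0;
}
```

Every member at or after the marker keeps whatever the page allocator handed out unless some code path writes it, so the destructor's NULL check is only meaningful when the pages arrive zeroed.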