From owner-freebsd-bugs Fri Nov 13 02:49:58 1998
Date: Fri, 13 Nov 1998 02:50:01 -0800 (PST)
Message-Id: <199811131050.CAA01079@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.ORG
From: Bruce Evans
Subject: Re: kern/8632: Bug in vm_page_alloc_contig()
Reply-To: Bruce Evans

The following reply was made to PR kern/8632; it has been noted by GNATS.

From: Bruce Evans
To: dev@opensound.com, freebsd-gnats-submit@freebsd.org
Cc: dg@freebsd.org
Subject: Re: kern/8632: Bug in vm_page_alloc_contig()
Date: Fri, 13 Nov 1998 21:44:26 +1100

>>Description:
>Using vm_page_alloc_contig() system call in an LKM crashes
>FreeBSD 3.0 when running X Windows and a memory hogging application
>like Netscape. We have created a sample LKM using the example in
>/usr/share/examples/lkm/syscall. The source code for the LKM
>can be obtained from ftp://ftp.4front-tech.com/ossapps/modtest.tar.gz

swap_pager_putpages() almost always panics if it is called when
curproc != pageproc, and vm_page_alloc_contig() usually calls it
(indirectly) when there is a memory hogging application that hasn't
already been paged out. This may be a fix:

diff -c2 swap_pager.c~ swap_pager.c *** swap_pager.c~ Mon Nov 9 17:49:08 1998 --- swap_pager.c Fri Nov 13 21:04:12 1998 *************** *** 1536,1545 **** } ! if (bp->b_rcred != NOCRED) ! crfree(bp->b_rcred); ! if (bp->b_wcred != NOCRED) ! crfree(bp->b_wcred); ! ! 
spc_free(spc); if (swap_pager_free_pending) swap_pager_sync(); --- 1536,1547 ---- } ! if (spc != NULL) { ! if (bp->b_rcred != NOCRED) ! crfree(bp->b_rcred); ! if (bp->b_wcred != NOCRED) ! crfree(bp->b_wcred); ! spc_free(spc); ! } else ! relpbuf(bp); if (swap_pager_free_pending) swap_pager_sync();

I don't completely understand this. The curproc != pageproc case has
obviously not worked for a long time, since it always led to the
spc_free(NULL) panic. The relpbuf() cleanup is necessary but perhaps
not sufficient.

>>How-To-Repeat:
>Once you obtain this LKM, please follow the steps below:
>
>0) extract modtest.tar in your root's home directory /root. Make sure
>   OSS is turned off and isn't loaded.

The uuencoded version in the PR seems to be corrupt.

>1) Boot up FreeBSD 3 and don't run X Windows yet! From the console
>   type make load - this should load the LKM and print out some
>   messages. Now type make unload to unload the LKM.
>
>2) Now start X Windows, start your window manager and then from an
>   Xterm Window start Netscape (netscape &) and now try step 1 above.
>   You should have a total lockup.

The problem can probably be seen with almost any process that isn't
already entirely paged out. I used a 40MB one on a system with 64MB
swap and repeated the vm_page_alloc_contig() call until it caused paging.

Bruce
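
Review bot: in the new else branch of the swap_pager.c hunk (1536,1547), bp is handed to relpbuf() without the crfree() checks on bp->b_rcred and bp->b_wcred that the old code ran unconditionally. If relpbuf() does not drop those references itself, the spc == NULL path leaks both credentials, so either confirm that it does or keep the two crfree() checks outside the `if (spc != NULL)` block. A short comment stating when spc can be NULL at this point (the message ties it to curproc != pageproc) would also help, since nothing in the hunk explains it, and the `} else` arm would read more safely with braces to match the other arm.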