Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 09 Apr 1997 23:22:15 -0700
From:      Steven Wallace <swallace@ece.uci.edu>
To:        bugs@freebsd.org
Cc:        current@freebsd.org
Subject:   NFS/mmap freeze in 2.2R
Message-ID:  <199704100622.XAA19967@newport.ece.uci.edu>

next in thread | raw e-mail | index | archive | help

I have discovered how to freeze the system over an NFS mounted filesystem.
If you map a file over NFS read/write and shared, write
to the area in memory, and then have another program read that nfs file,
the system will freeze.  The freeze is kindof wierd though.
It appears that the kernel is still running somehow. 
I can change the sysconts vty's but typing and all other processes
are frozen and not running.

The system will get error messages (sometimes) ever 30 seconds when 
it syncs.  They report:

Apr  9 23:05:35 sdw /kernel: vnode_pager_putpages: I/O error 13
Apr  9 23:05:35 sdw /kernel: vnode_pager_putpages: residual I/O 65536 at 496


I have made life easy for you, Mr. VM master, by providing a program
to freeze your system, guaranteed.

Here is the program to freeze your system:


/* Instructions to freeze system:
   cc -O crashme.c -o crashme
   cd /nfs_mounted_dir
   crashme &
   cat nfsfile > /dev/null
   ------------SYSTEM FREEZE-----------------
*/

#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

#include <sys/types.h>
#include <sys/mman.h>
#include <sys/errno.h>

#define RAMSIZE_DEF   0x220000
#define SLEEP 1

static int mapmem(int fd, long start, long size, long offset, int w)
{
  caddr_t  maddr, addr;
  off_t    moffset   = (off_t)offset;
  const    int flags = /* MAP_FIXED |*/ MAP_SHARED;
  const    int prot  = PROT_READ | (w ? PROT_WRITE : 0);


  maddr = (caddr_t)(start);
  addr = (caddr_t)mmap(maddr, (size_t)size, prot, flags, fd, moffset);
  if((int)addr == -1) {
    fprintf(stderr, "mapmem at addr=%6x size=%5x offset=%5x: %s\n",
	    maddr, size, offset, strerror(errno));
  }
  return((int)addr);
}

int
main(int argc, char *argv[])
{
  int fdram;
  int dummy;
  long size = RAMSIZE_DEF;
  char *data;
  char *map;
  
  fdram = open("nfsfile", O_RDWR | O_CREAT, 0666);
  if(fdram < 0) {
    perror("open nfsfile");
    return(fdram);
  }

  if(lseek(fdram, 0, SEEK_END) <= 0) {
    if(lseek(fdram, size - sizeof(dummy), SEEK_SET) < 0)
      perror("lseek ram");
    if(write(fdram, &dummy, sizeof(dummy)) < 0)
      perror("write ram");
  }

  map = (char *)mapmem(fdram, 0, size, 0, 1);
  if((int)map == -1)
    return -1;
  
  data = (char *)malloc(size);
  strcpy(data, "begin of data");
  data[size - 1] = 'Z';

  if(!data) {
    printf("malloc failed\n");
    return -1;
  }

  while(1) {
    sleep(SLEEP);
    memcpy(map, data, size);
    printf("data written to mapped file\n");
  }

}





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199704100622.XAA19967>