Date: Tue, 22 Feb 2000 01:10:03 -0800 (PST) From: Bruce Evans <bde@zeta.org.au> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/16568: How to crash FreeBSD 4.4 Message-ID: <200002220910.BAA84075@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/16568; it has been noted by GNATS.
From: Bruce Evans <bde@zeta.org.au>
To: Bjoern Groenvall <bg@bg.sics.se>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG, bg@sics.se, alc@FreeBSD.ORG
Subject: Re: kern/16568: How to crash FreeBSD 4.4
Date: Tue, 22 Feb 2000 20:01:30 +1100 (EST)
On Mon, 7 Feb 2000, Bjoern Groenvall wrote:
> >Number: 16568
> >Category: kern
> >Synopsis: How to crash FreeBSD 4.4
^^^ 3.4 (also affects 3.1)
This seems to have been fixed as a side effect of a better optimisation
in -current in rev.1.228 of pmap.c. Try the following patch (derived
from there).
diff -c2 pmap.c~ pmap.c
*** pmap.c~ Fri Sep 3 22:20:49 1999
--- pmap.c Tue Feb 22 19:22:52 2000
***************
*** 1863,1872 ****
pv_table_t *ppv;
register unsigned *pte, tpte;
- int nmodify;
- int update_needed;
int s;
- nmodify = 0;
- update_needed = 0;
#if defined(PMAP_DIAGNOSTIC)
/*
--- 1863,1868 ----
***************
*** 1907,1919 ****
ppv->pv_vm_page->dirty = VM_PAGE_BITS_ALL;
}
! #ifdef SMP
! update_needed = 1;
! #else
! if (!update_needed &&
! ((!curproc || (&curproc->p_vmspace->vm_pmap == pv->pv_pmap)) ||
! (pv->pv_pmap == kernel_pmap))) {
! update_needed = 1;
! }
! #endif
TAILQ_REMOVE(&pv->pv_pmap->pm_pvlist, pv, pv_plist);
TAILQ_REMOVE(&ppv->pv_list, pv, pv_list);
--- 1903,1908 ----
ppv->pv_vm_page->dirty = VM_PAGE_BITS_ALL;
}
! invltlb_1pg(pv->pv_va);
!
TAILQ_REMOVE(&pv->pv_pmap->pm_pvlist, pv, pv_plist);
TAILQ_REMOVE(&ppv->pv_list, pv, pv_list);
***************
*** 1925,1933 ****
ppv->pv_vm_page->flags &= ~(PG_MAPPED | PG_WRITEABLE);
- if (update_needed)
- invltlb();
-
splx(s);
- return;
}
--- 1914,1918 ----
Hints on reproducing the bug:
- Using the kernel config (PAO) in the PR is probably unnecessary. The
bug probably occurs with any config provided the maximum files limit
is large enough for the memory allocation for fd_ofiles to be several
pages. I used a limit of 4136.
- Limit the memory size. The bug is much easier to reproduce with a
memory size of 64M than with 320M.
Notes:
- An unconditional invltlb() at the end of pmap_remove_all() doesn't
fix the bug. I don't understand this, or why the old optimisation
was wrong. A conditional invltlb() at the end would be optimal for
i386's if it worked.
- The alpha pmap.c probably doesn't have the bug, even in RELENG_3, since
the old "optimisation" was changed to the new one long ago in rev.1.9,
apparently independently.
Bruce
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200002220910.BAA84075>