Date: Wed, 8 Jan 2020 22:03:21 -0800
From: Mark Millard <marklmi@yahoo.com>
To: Justin Hibbits <chmeeedalf@gmail.com>, FreeBSD PowerPC ML <freebsd-ppc@freebsd.org>
Cc: "bdragon@freebsd.org" <bdragon@FreeBSD.org>
Subject: A possible unbounded loop in moea_sync_icache: why sys/vm/mlock_test:mlock__copy_on_write_vnode fails?
Message-ID: <022334D3-B60E-440F-A514-8D8002B65CB4@yahoo.com>
References: <022334D3-B60E-440F-A514-8D8002B65CB4.ref@yahoo.com>

In the statement:

    lim = round_page(va);

later below in moea_sync_icache, it uses:

    #define round_page(x)   (((x) + PAGE_MASK) & ~PAGE_MASK)

So, for PAGE_MASK==(4096u-1u) the statement translates
to, in essence (the u's are conceptual here):

    lim = ((va)+4095u) & ~4095u;

That means that if va%4096u==0 then the result is lim==va .

In turn, that means that:

    len = MIN(lim - va, sz);

results in len==0. That in turn means that:

    sz -= len;

does not change sz.

Overall result: the loop testing sz>0 does not terminate.

I expect that is why the kyua test:

    sys/vm/mlock_test:mlock__copy_on_write_vnode

is failing.

The code in question:

    static void
    moea_sync_icache(mmu_t mmu, pmap_t pm, vm_offset_t va, vm_size_t sz)
    {
            struct pvo_entry *pvo;
            vm_offset_t lim;
            vm_paddr_t pa;
            vm_size_t len;

            PMAP_LOCK(pm);
            while (sz > 0) {
                    lim = round_page(va);
                    len = MIN(lim - va, sz);
                    pvo = moea_pvo_find_va(pm, va & ~ADDR_POFF, NULL);
                    if (pvo != NULL) {
                            pa = (pvo->pvo_pte.pte.pte_lo & PTE_RPGN) |
                                (va & ADDR_POFF);
                            moea_syncicache(pa, len);
                    }
                    va += len;
                    sz -= len;
            }
            PMAP_UNLOCK(pm);
    }

===
Mark Millard
marklmi at yahoo.com
( dsl-only.net went away in early 2018-Mar)
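
An added example, not part of the original message and not FreeBSD source: a userland C model of only the loop's address arithmetic, which reports a zero-length step instead of spinning. The function `walk_chunks`, its `bump` parameter and the sample addresses are constructed for illustration; `bump = 1` models `round_page(va + 1)`, an assumed way to guarantee progress that the message itself does not propose.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE	((uintptr_t)4096)
#define PAGE_MASK	(PAGE_SIZE - 1)
#define round_page(x)	(((x) + PAGE_MASK) & ~PAGE_MASK)
#define MIN(a, b)	((a) < (b) ? (a) : (b))

/*
 * Hypothetical model of the while (sz > 0) loop: no locking, no PVO lookup.
 * bump == 0 reproduces lim = round_page(va) as posted.
 * bump == 1 models lim = round_page(va + 1) (assumption, not from the mail).
 * Returns the number of chunks walked, or -1 as soon as an iteration
 * computes len == 0, the point where the kernel loop would stop making
 * progress while still holding the pmap lock.
 */
static int
walk_chunks(uintptr_t va, size_t sz, unsigned bump)
{
	int chunks = 0;

	while (sz > 0) {
		uintptr_t lim = round_page(va + bump);
		size_t len = MIN((size_t)(lim - va), sz);

		if (len == 0)
			return (-1);	/* va is page aligned: lim == va */
		va += len;
		sz -= len;
		chunks++;
	}
	return (chunks);
}

int
main(void)
{
	/* Constructed sample ranges: aligned start, and unaligned start
	 * whose length crosses a page boundary. */
	printf("aligned, as posted:   %d\n", walk_chunks(0x10000, 8192, 0));
	printf("crossing, as posted:  %d\n", walk_chunks(0x10010, 8192, 0));
	printf("aligned, va + 1:      %d\n", walk_chunks(0x10000, 8192, 1));
	printf("crossing, va + 1:     %d\n", walk_chunks(0x10010, 8192, 1));
	return (0);
}
```

The model shows that the stall is not limited to a page-aligned starting `va`: any range that reaches a page boundary with bytes still remaining arrives at `lim == va` on the next iteration.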