From owner-cvs-all Tue Sep 29 11:15:01 1998 Return-Path: Received: (from daemon@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA09455 for cvs-all-outgoing; Tue, 29 Sep 1998 11:15:01 -0700 (PDT) (envelope-from owner-cvs-all) Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA09374; Tue, 29 Sep 1998 11:14:17 -0700 (PDT) (envelope-from dillon@backplane.com) Received: (dillon@localhost) by apollo.backplane.com (8.9.1/8.6.5) id LAA20823; Tue, 29 Sep 1998 11:14:03 -0700 (PDT) Date: Tue, 29 Sep 1998 11:14:03 -0700 (PDT) From: Matthew Dillon Message-Id: <199809291814.LAA20823@apollo.backplane.com> To: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: A second mmap file corruption issue Sender: owner-cvs-all@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk I've verified that the *other* mmap file corruption issue that Terry brought up is real. Here's what happened to me: -stable system news1.best.com All of diablo's mmap's are read-only shared. Diablo is operating fine, no problems. I kill Diablo and restart it. Suddenly, an mmap'd portion of diablo's history file is corrupted, containing a portion of some other file. Diablo shares pages and mmap's up the wazoo. What I believe happened was that all the page references in the mmap were hiding a wiring count failure in the bp code. When I exited diablo, I believe that a bp wound up with b_pages[] pointing to pages that were no longer wired and then the pages got reused. This is conjecture. I would like someone to look at the following code, though: (1) around line 659 of kern/vfs_bio.c, in brelse(). I think the page needs to be wired !!!!!!! Won't the wire count get corrupted when the bp is released and the page isn't wired ? if (m == bogus_page) { m = vm_page_lookup(obj, poff + j); ... bp->b_pages[j] = m; } (2) around line 1969 of kern/vfs_bio.c, in biodone. I think this page needs to be wired as well. if (m == bogus_page) { bogusflag = 1; m = vm_page_lookup(obj, OFF_TO_IDX(foff)); ... bp->b_pages[i] = m; pmap_qenter(trunc_page(bp->b_data), bp->b_pages, bp->b_npages); } (3) Could someone also check vfs_busy_pages() and vfs_unbusy_pages() ? busy_pages removes pages from the bp without unwiring them, presumably because unbusy_pages adds them back without wiring them. That seems rather fragile to me but I *think* the code is doing the right thing as long as all vfs_busy_pages() calls are matched by vfs_unbusy_pages() calls. -Matt Matthew Dillon Engineering, HiWay Technologies, Inc. & BEST Internet Communications & God knows what else. (Please include original email in any response)