From owner-freebsd-current@FreeBSD.ORG Tue Feb 19 13:25:13 2008 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1164116A417; Tue, 19 Feb 2008 13:25:13 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from relay02.kiev.sovam.com (relay02.kiev.sovam.com [62.64.120.197]) by mx1.freebsd.org (Postfix) with ESMTP id 95E1E13C47E; Tue, 19 Feb 2008 13:25:12 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from [212.82.216.226] (helo=skuns.kiev.zoral.com.ua) by relay02.kiev.sovam.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.67) (envelope-from ) id 1JRST4-0008NV-2l; Tue, 19 Feb 2008 15:25:10 +0200 Received: from deviant.kiev.zoral.com.ua (root@deviant.kiev.zoral.com.ua [10.1.1.148]) by skuns.kiev.zoral.com.ua (8.14.1/8.14.1) with ESMTP id m1JDOY91040022 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 19 Feb 2008 15:24:34 +0200 (EET) (envelope-from kostikbel@gmail.com) Received: from deviant.kiev.zoral.com.ua (kostik@localhost [127.0.0.1]) by deviant.kiev.zoral.com.ua (8.14.2/8.14.2) with ESMTP id m1JDOuv5001564; Tue, 19 Feb 2008 15:24:56 +0200 (EET) (envelope-from kostikbel@gmail.com) Received: (from kostik@localhost) by deviant.kiev.zoral.com.ua (8.14.2/8.14.2/Submit) id m1JDOtpW001563; Tue, 19 Feb 2008 15:24:55 +0200 (EET) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: deviant.kiev.zoral.com.ua: kostik set sender to kostikbel@gmail.com using -f Date: Tue, 19 Feb 2008 15:24:55 +0200 From: Kostik Belousov To: Michiel Boland Message-ID: <20080219132455.GD57756@deviant.kiev.zoral.com.ua> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="p0yZhIIvPymhuc7/" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.3i X-Virus-Scanned: ClamAV version 0.91.2, clamav-milter version 0.91.2 on skuns.kiev.zoral.com.ua X-Virus-Status: Clean X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.2.3 X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on skuns.kiev.zoral.com.ua X-Scanner-Signature: 88d0fd334128e7d5bb9b9ebe4fef9048 X-DrWeb-checked: yes X-SpamTest-Envelope-From: kostikbel@gmail.com X-SpamTest-Group-ID: 00000000 X-SpamTest-Header: Not Detected X-SpamTest-Info: Profiles 2256 [Feb 19 2008] X-SpamTest-Info: helo_type=3 X-SpamTest-Method: none X-SpamTest-Rate: 0 X-SpamTest-Status: Not detected X-SpamTest-Status-Extended: not_detected X-SpamTest-Version: SMTP-Filter Version 3.0.0 [0278], KAS30/Release Cc: alc@freebsd.org, freebsd-current@freebsd.org Subject: Re: panic upon starting X in recent -CURRENTs (intel driver) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Feb 2008 13:25:13 -0000 --p0yZhIIvPymhuc7/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Feb 18, 2008 at 11:35:31PM +0100, Michiel Boland wrote: > >Hi. After recent upgrade (from 21 dec to today's src) the kernel crashes= =20 > >when starting X with > > > >panic: pmap_remove_all: page 0xc56e07f8 is fictitious >=20 > FWIW below is a trivial program to re-create a similar crash. Needs root,= =20 > obviously. But still shouldn't cause a panic though. Note that the trick= =20 > in the program is that we mmap two pages, then munmap only half of them. >=20 > #include > #include > #include > #include > #include >=20 > static const off_t map_address =3D 0xa0000; > static const size_t map_size =3D 0x1000; >=20 > static int testit(int fd) > { > void *p; > int rv; >=20 > p =3D mmap(NULL, 2 * map_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, > map_address); > if (p =3D=3D MAP_FAILED) { > perror("mmap"); > return -1; > } > rv =3D *(char *) p; > if (munmap(p, map_size) =3D=3D -1) { > perror("munmap"); > return -1; > } > return rv; > } >=20 > int main(void) > { > int fd, rv; >=20 > fd =3D open("/dev/mem", O_RDWR); > if (fd =3D=3D -1) { > perror("open"); > return 1; > } > rv =3D testit(fd); > close(fd); > return rv; > } What happen there is that munmap() do the split for the /dev/mem mapping. This caused the OBJT_DEVICE ref_count to be bumped, and vm_map_entry_delete= () called vm_object_page_remove(). The later called pmap_remove_all() unconditionally. pmap_remove_all has the KASSERT that fails exactly when supplied fictitious page. It becomes KASSERT in the rev. 1.106 of i386/pmap.c, committed 2008/01/08, it was under the PMAP_DIAGNOSTIC before. Since such page has md.pv_list empty anyway, this KASSERT seems to be only the statement of intent. The change below would prevent the panic by not calling pmap_remove_all from vm_object_page_remove for such pages. Alan, do you have objections ? [Alternative seems to be a removal of the assertions from all pmap implementations, that also weaken the invariants for other callers that do skip fictitious pages]. diff --git a/sys/vm/vm_object.c b/sys/vm/vm_object.c index 21c0ac6..21ee10d 100644 --- a/sys/vm/vm_object.c +++ b/sys/vm/vm_object.c @@ -1884,7 +1884,8 @@ again: */ if ((wirings =3D p->wire_count) !=3D 0 && (wirings =3D pmap_page_wired_mappings(p)) !=3D p->wire_count) { - pmap_remove_all(p); + if ((p->flags & PG_FICTITIOUS) =3D=3D 0) + pmap_remove_all(p); /* Account for removal of managed, wired mappings. */ p->wire_count -=3D wirings; if (!clean_only) @@ -1898,7 +1899,8 @@ again: if (p->valid & p->dirty) continue; } - pmap_remove_all(p); + if ((p->flags & PG_FICTITIOUS) =3D=3D 0) + pmap_remove_all(p); /* Account for removal of managed, wired mappings. */ if (wirings !=3D 0) p->wire_count -=3D wirings; --p0yZhIIvPymhuc7/ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (FreeBSD) iEYEARECAAYFAke62KYACgkQC3+MBN1Mb4jA6wCgx09AvshM2AbjR/FEKDFBCeAe HssAn3801VxP8WIJjiNIuMRjaNcdY3uS =FRNq -----END PGP SIGNATURE----- --p0yZhIIvPymhuc7/--