Date: Sun, 23 Mar 2014 12:10:01 GMT
Message-Id: <201403231210.s2NCA12X053548@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Henrik Gulbrandsen
Subject: Re: kern/187238: vm.pmap.pcid_enabled="1" causes Java to coredump in FBSD 10

The following reply was made to PR kern/187238; it has been noted by GNATS.

From: Henrik Gulbrandsen
To: bug-followup@freebsd.org, freebsd-java@freebsd.org
Cc: Craig Rodrigues, Konstantin Belousov, Alan Cox
Subject: Re: kern/187238: vm.pmap.pcid_enabled="1" causes Java to coredump in FBSD 10
Date: Sun, 23 Mar 2014 13:03:00 +0100

This is the most time-consuming bug I've encountered in my life, and not only because I started looking for it in the JVM, but now it seems to have been hiding in plain sight.

I'm pretty sure that pmap->pm_save is handled incorrectly in the current kernel. Judging from the code, it's supposed to include all CPUs where the pmap has been active since the latest call to pmap_invalidate_all(...). However, that means that it should always be a superset of pmap->pm_active, since any CPU where the pmap is active may cache pmap information at any time. Currently, this is not the case, and since only CPUs in pmap->pm_save are targeted in the TLB shootdown, we are left with inconsistencies that crash the process soon afterwards.

The attached patch solves this by only clearing a CPU from pmap->pm_save if it is not currently included in pmap->pm_active. As far as I can tell, that eliminates the bug. The patch is against STABLE, since that's what I'm currently running, but CURRENT should be pretty close, except for the default setting of pmap_pcid_enabled.

By the way, the logic in the invalidation functions is a bit messy now and can probably be simplified. Also, is there a good reason for ignoring the pmap argument in smp_masked_invltlb(...)?

/Henrik

P.S. After five days it turns out that mx1.FreeBSD.org has been rejecting this email due to a slight misconfiguration of my mail server. I hope that I haven't caused too many hours of frustration by this failure to report the bug fix in due time.

Anyway, in the meantime my test (java/openjdk6 building itself) has been running continuously in the background. It used to fail almost every single time, but has now gone through 765 iterations without a single crash. I believe that indicates that the bug is fixed.

[Attachment: pr187238.patch (text/x-diff, size=1755)]
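
An added illustration, not part of the original message or the attached patch: a toy C model of the invariant the message describes, showing how a CPU that is still in pm_active but has been cleared from pm_save is skipped by the next shootdown and keeps stale entries. Only the names pm_active and pm_save come from the message; the `toy_*` functions, the two-CPU setup and the `tlb` flags are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NCPU 2

/* Toy model, not kernel code: one bit per CPU, like pm_active/pm_save. */
struct toy_pmap {
    uint32_t pm_active;  /* CPUs currently running on this pmap */
    uint32_t pm_save;    /* CPUs a TLB shootdown will target */
    bool tlb[NCPU];      /* true: CPU holds cached translations */
};

/* Invalidate-all issued on `cpu`; returns the mask of CPUs left stale. */
static uint32_t toy_invalidate_all(struct toy_pmap *p, int cpu, bool patched)
{
    uint32_t self = 1u << cpu, stale = 0;

    p->tlb[cpu] = false;                     /* local flush */
    if (!patched || !(p->pm_active & self))  /* patched: keep bit while active */
        p->pm_save &= ~self;
    for (int i = 0; i < NCPU; i++) {
        if (i != cpu && (p->pm_save & (1u << i)))
            p->tlb[i] = false;               /* remote flush, pm_save only */
        if (p->tlb[i])
            stale |= 1u << i;
    }
    return stale;
}

/* Two threads of one process on CPU 0 and CPU 1; returns stale-CPU mask. */
static uint32_t toy_scenario(bool patched)
{
    /* Both CPUs are active on the pmap and hold cached translations. */
    struct toy_pmap p = { .pm_active = 3, .pm_save = 3, .tlb = { true, true } };

    toy_invalidate_all(&p, 1, patched);  /* CPU 1 flushes its own TLB */
    p.tlb[0] = p.tlb[1] = true;          /* both still active: TLBs refill */
    return toy_invalidate_all(&p, 0, patched);  /* CPU 0 changes mappings */
}

int main(void)
{
    printf("stale CPUs before fix: %#x, after fix: %#x\n",
        (unsigned)toy_scenario(false), (unsigned)toy_scenario(true));
    return 0;
}
```

With `patched` false, CPU 1 drops out of pm_save while still active, so CPU 0's later invalidation never reaches it; with `patched` true, pm_save stays a superset of pm_active and no CPU is left stale.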