From owner-freebsd-hackers  Fri Aug 24 17:41:40 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from InterJet.elischer.org (c421509-a.pinol1.sfba.home.com [24.7.86.9])
	by hub.freebsd.org (Postfix) with ESMTP id 1A6E937B407
	for <freebsd-hackers@FreeBSD.ORG>; Fri, 24 Aug 2001 17:41:37 -0700 (PDT)
	(envelope-from julian@elischer.org)
Received: from localhost (localhost.elischer.org [127.0.0.1])
	by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id RAA60861;
	Fri, 24 Aug 2001 17:42:46 -0700 (PDT)
Date: Fri, 24 Aug 2001 17:42:45 -0700 (PDT)
From: Julian Elischer <julian@elischer.org>
To: Matt Dillon <dillon@earth.backplane.com>
Cc: Alfred Perlstein <bright@mu.org>, David Greenman <dg@root.com>,
	freebsd-hackers@FreeBSD.ORG
Subject: Re: Possible race in i386/i386/pmap.c:pmap_copy()
In-Reply-To: <200108241645.f7OGjgX96286@earth.backplane.com>
Message-ID: <Pine.BSF.4.21.0108241740190.60806-100000@InterJet.elischer.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Thinking about this a bit more....
doesn't each process ahve it's own PTD?, so a process could sleep and
another could run but it would have a differnt PTD
so they could change that PTDE with impunity
because when teh current process runs again it get's its own 
ptd back again..



On Fri, 24 Aug 2001, Matt Dillon wrote:

>     Alfred, DG, could you take a look at pmap_copy() in i386/i386/pmap.c
>     and tell me if what I think I'm seeing is what I'm seeing?
> 
>     My read of this code is that a global, APTDpde, is being set, and
>     then that pointer is being used in a loop later on in the routine.
>     the problem is that the pmap_allocpte() call can block and, by my
>     read, that means some other process can go in and change APTDpde out
>     from under the loop.
> 
>     This could also be related to problem Julian has been seeing with his
>     KSE patch set.
> 
>     There is a comment:
> 
>                                 /*
>                                  * We have to check after allocpte for the
>                                  * pte still being around...  allocpte can
>                                  * block.
>                                  */
>                                 dstmpte = pmap_allocpte(dst_pmap, addr);
>                                 if ((*dst_pte == 0) && (ptetemp = *src_pte)) {
>                                         /*
>                                          * Clear the modified and
> 					...
> 
>     But I do not believe this check is sufficient if APTDpde gets ripped
>     out from under the loop.  Is this race real or am I blowing smoke?
> 
> 						-Matt
> 
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message