NetBSD Problem Report #20933

Received: (qmail 16987 invoked by uid 605); 29 Mar 2003 15:18:28 -0000
Message-Id: <200303291518.h2TFIP507593@mirage.ceres.dti.ne.jp>
Date: Sun, 30 Mar 2003 00:18:25 +0900 (JST)
From: tsutsui@ceres.dti.ne.jp
Sender: gnats-bugs-owner@netbsd.org
Reply-To: tsutsui@ceres.dti.ne.jp
To: gnats-bugs@gnats.netbsd.org
Cc: tsutsui@ceres.dti.ne.jp
Subject: hppa vmapbuf()/vunmapbuf() bugs
X-Send-Pr-Version: 3.95

>Number:         20933
>Category:       port-hppa
>Synopsis:       hppa vmapbuf()/vunmapbuf() bugs
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-hppa-maintainer
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Mar 29 15:19:00 +0000 2003
>Closed-Date:    Tue Nov 18 11:38:19 +0000 2003
>Last-Modified:  Sun Apr 30 08:03:16 +0000 2006
>Originator:     Izumi Tsutsui
>Release:        NetBSD 1.6K around 20021230, but -current has the same code
>Organization:
>Environment:
System: NetBSD 1.6K
Architecture: hppa
Machine: hp700 712/60 and 735/125
>Description:
Current vmapbuf()/vunmapbuf() in hppa/vm_machdep.c have bugs
which cause "DTLB miss trap" panics on physio access:
- In vmapbuf(), uvm_map(9) is called with wrong addr (uoffset) and size values.
  (size is rounded up, but addr isn't truncated)
- In vunmapbuf(), pmap_remove() is not called.

>How-To-Repeat:
Code inspection.

>Fix:
The following patch fixes the problems,
but It's better to sync with other ports.

Index: vm_machdep.c
===================================================================
RCS file: /cvsroot/src/sys/arch/hppa/hppa/vm_machdep.c,v
retrieving revision 1.2
diff -u -r1.2 vm_machdep.c
--- vm_machdep.c	2002/07/01 16:10:03	1.2
+++ vm_machdep.c	2003/03/29 14:53:31
@@ -290,9 +290,9 @@
 	p = bp->b_proc;
 	map = &p->p_vmspace->vm_map;
 	bp->b_saveaddr = bp->b_data;
-	addr = (vaddr_t)bp->b_saveaddr;
-	off = addr & PGOFSET;
-	size = round_page(bp->b_bcount + off);
+	addr = trunc_page((vaddr_t)bp->b_data);
+	off = (vaddr_t)bp->b_data - addr;
+	size = round_page(off + len);

 	/*
 	 * Note that this is an expanded version of:
@@ -311,7 +311,6 @@
 	}

 	bp->b_data = (caddr_t)(kva + off);
-	addr = trunc_page(addr);
 	npf = btoc(size);
 	while (npf--) {
 		/* not needed, thanks to PMAP_PREFER() */
@@ -335,7 +334,8 @@
 	struct buf *bp;
 	vsize_t len;
 {
-	vaddr_t addr, off;
+	vaddr_t addr;
+	vsize_t off;

 #ifdef DIAGNOSTIC
 	if ((bp->b_flags & B_PHYS) == 0)
@@ -344,6 +344,8 @@
 	addr = trunc_page((vaddr_t)bp->b_data);
 	off = (vaddr_t)bp->b_data - addr;
 	len = round_page(off + len);
+	pmap_remove(vm_map_pmap(phys_map), addr, addr + len);
+	pmap_update(pmap_kernel());
 	uvm_km_free_wakeup(phys_map, addr, len);
 	bp->b_data = bp->b_saveaddr;
 	bp->b_saveaddr = NULL;
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: chs 
State-Changed-When: Tue Nov 18 11:37:53 UTC 2003 
State-Changed-Why:  
fixed with rev. 1.7 of hppa/vm_machdep.c 

From: Chuck Silvers <chs@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:  
Subject: pr/20933 CVS commit: src/sys/arch/hppa/hppa
Date: Tue, 18 Nov 2003 11:37:39 +0000 (UTC)

 Module Name:	src
 Committed By:	chs
 Date:		Tue Nov 18 11:37:39 UTC 2003

 Modified Files:
 	src/sys/arch/hppa/hppa: vm_machdep.c

 Log Message:
 fix address computation in vmapbuf().  use uvm_km_valloc_prefer_wait().
 call pmap_remove() explicitly in vunmapbuf(), this has been required
 for several years now.  fixes PR 20933.


 To generate a diff of this commit:
 cvs rdiff -r1.6 -r1.7 src/sys/arch/hppa/hppa/vm_machdep.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.