NetBSD Problem Report #25639
Received: (qmail 14201 invoked by uid 605); 19 May 2004 13:46:04 -0000
Message-Id: <1084974359.582750.8991.nullmailer@yamt.dyndns.org>
Date: Wed, 19 May 2004 22:45:59 +0900
From: yamt@mwd.biglobe.ne.jp
Sender: gnats-bugs-owner@NetBSD.org
Reply-To: yamt@mwd.biglobe.ne.jp
To: gnats-bugs@gnats.netbsd.org
Subject: uvm_vslock / uvm_vsunlock problems
X-Send-Pr-Version: 3.95
>Number: 25639
>Category: kern
>Synopsis: uvm_vslock / uvm_vsunlock problems
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed May 19 13:47:00 +0000 2004
>Closed-Date:
>Last-Modified: Thu May 20 16:25:00 +0000 2004
>Originator: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
>Release: NetBSD 2.0E
>Organization:
>Environment:
System: NetBSD kaeru 2.0E NetBSD 2.0E (build.kaeru) #1310: Wed May 19 21:29:48 JST 2004 takashi@kaeru:/usr/home/takashi/work/kernel/build.kaeru i386
Architecture: i386
Machine: i386
>Description:
from Stephan Uphoff.
(http://mail-index.NetBSD.org/tech-kern/2003/07/10/0013.html)
> Problem 1:
> -----------
> uvm_vslock assumes that once a page is wired - it will stay wired until
> uvm_vsunlock (potentially) unwires it.
> This is not true for mmaped file pages when the file is truncated.
> (All managed mappings are released - page is freed)
>
> Problem 2:
> ----------
> The uvm_vslock() / uvm_vsunlock() pair assumes only one thread
> of control per address space.
> Because of clone(2) or scheduler activations (lwps) this is no longer always
> true.
>
> Problem 3:
> ----------
> uvm_vslock indirectly calls uvm_fault.
> If uvm_fault is called without an VM_PROT_WRITE
> bit in accesstype to wire a loaned page it will not
> break the loan.
> This can cause the buffer created by physio to eventual map to the
> wrong pages and could break a KASSERT in uvm_pagefree.
>How-To-Repeat:
>Fix:
> Solutions:
> ----------
> sys___sysctl can probably use a kernel buffer for the (hopefully few)
> occasions
> where copying is not allowed to block. (And copyout from the kernel buffer
> when it is save to do so)
> ( I assume this is the reason for the wiring but was too lazy to verify )
>
> The uvm_fault problem (3) could be fixed by always breaking loans on wire
> faults.
>
> I believe due to the first two problems physio can not be made to work
> correctly without resorting to mechanisms closely related to page loaning.
> (or the use of bounce buffers :-)
> Unfortunately this will need a major effort.
>Release-Note:
>Audit-Trail:
From: "Darrin B. Jewell" <dbj@netbsd.org>
To: yamt@mwd.biglobe.ne.jp
Cc: gnats-bugs@gnats.netbsd.org
Subject: Re: kern/25639: uvm_vslock / uvm_vsunlock problems
Date: 20 May 2004 12:21:32 -0400
--=-=-=
I noticed this problem as well and had boiled it down to this
reproducible test case. Compile the following program and run it on
on a raw character disk device.
On i386, it will quickly start printing out pmap unwiring complaints.
--=-=-=
Content-Disposition: attachment; filename=physiotest.c
Content-Description: test program to find physio bug
#include <sys/param.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>
#include <fcntl.h>
#include <pthread.h>
#define NTHREADS 2
pthread_t threads[NTHREADS];
char iobuf[DEV_BSIZE];
int fd;
void *
doio(void *p)
{
int index = ((pthread_t *)p)-(&threads[0]);
int cnt = 0;
while (1) {
pwrite(fd, iobuf, sizeof(iobuf),
10*MAXBSIZE*((cnt++)*NTHREADS+index));
}
}
int
main(int argc, char *argv[])
{
int i;
fd = open(argv[1], O_WRONLY, 0);
for (i = 0; i < NTHREADS; i++)
pthread_create(&threads[i], NULL, &doio, &threads[i]);
pthread_join(threads[0], NULL);
return 0;
}
--=-=-=--
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home