NetBSD Problem Report #33166

From www@netbsd.org  Wed Mar 29 21:30:43 2006
Return-Path: <www@netbsd.org>
Received: by narn.netbsd.org (Postfix, from userid 31301)
	id 1D19363B8C7; Wed, 29 Mar 2006 21:30:43 +0000 (UTC)
Message-Id: <20060329213043.1D19363B8C7@narn.netbsd.org>
Date: Wed, 29 Mar 2006 21:30:43 +0000 (UTC)
From: gdamore@netbsd.org
Reply-To: gdamore@netbsd.org
To: gnats-bugs@netbsd.org
Subject: pmap_remove_pv called for unmanaged pages
X-Send-Pr-Version: www-1.0

>Number:         33166
>Category:       port-mips
>Synopsis:       pmap_remove_pv called for unmanaged pages
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    gdamore
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Mar 29 21:35:00 +0000 2006
>Closed-Date:    Thu Mar 30 22:59:35 +0000 2006
>Last-Modified:  Sat Jan 26 18:42:03 +0000 2008
>Originator:     Garrett D'Amore
>Release:        3.99.17
>Organization:
Tadpole Computer, Inc.
>Environment:
NetBSD cabernet 3.99.17 NetBSD 3.99.17 (METEOR) #10: Wed Mar 29 12:52:54 PST 2006  garrett@zippy:/home/garrett/netbsd/src/sys/arch/evbmips/compile/obj/METEOR evbmips


>Description:
when munmap() is called for a previously mmap()ed region of framebuffer memory located in high memory (> 4GB on Alchemy), pmap_remove tries to call pmap_remove_pv with a null "pg".  This results in a panic.
>How-To-Repeat:
stick a pci device on PCI alchemy, and then mmap() some of it.  when your process munmap()'s it (or exits), the system will panic.
>Fix:
Add appropriate checks for null pg.  Here's a diff:

*** pmap.c.~1.166.~    Sat Dec 24 12:07:19 2005
--- pmap.c    Wed Mar 29 12:52:07 2006
***************
*** 730,736 ****
                  pmap->pm_stats.wired_count--;
              pmap->pm_stats.resident_count--;
              pg = PHYS_TO_VM_PAGE(mips_tlbpfn_to_paddr(entry));
!             pmap_remove_pv(pmap, sva, pg);
              if (MIPS_HAS_R4K_MMU)
                  /* See above about G bit */
                  pte->pt_entry = MIPS3_PG_NV | MIPS3_PG_G;
--- 730,737 ----
                  pmap->pm_stats.wired_count--;
              pmap->pm_stats.resident_count--;
              pg = PHYS_TO_VM_PAGE(mips_tlbpfn_to_paddr(entry));
!             if (pg)
!                 pmap_remove_pv(pmap, sva, pg);
              if (MIPS_HAS_R4K_MMU)
                  /* See above about G bit */
                  pte->pt_entry = MIPS3_PG_NV | MIPS3_PG_G;
***************
*** 789,795 ****
                  pmap->pm_stats.wired_count--;
              pmap->pm_stats.resident_count--;
              pg = PHYS_TO_VM_PAGE(mips_tlbpfn_to_paddr(entry));
!             pmap_remove_pv(pmap, sva, pg);
              pte->pt_entry = mips_pg_nv_bit();
              /*
               * Flush the TLB for the given address.
--- 790,797 ----
                  pmap->pm_stats.wired_count--;
              pmap->pm_stats.resident_count--;
              pg = PHYS_TO_VM_PAGE(mips_tlbpfn_to_paddr(entry));
!             if (pg)
!                 pmap_remove_pv(pmap, sva, pg);
              pte->pt_entry = mips_pg_nv_bit();
              /*
               * Flush the TLB for the given address.


>Release-Note:

>Audit-Trail:
From: Garrett D'Amore <gdamore@netbsd.org>
To: gnats-bugs@netbsd.org
Cc: 
Subject: PR/33166 CVS commit: src/sys/arch/mips/mips
Date: Thu, 30 Mar 2006 05:57:01 +0000 (UTC)

 Module Name:	src
 Committed By:	gdamore
 Date:		Thu Mar 30 05:57:01 UTC 2006

 Modified Files:
 	src/sys/arch/mips/mips: pmap.c

 Log Message:
 Don't pmap_remove_pv mappings for unmanaged pages.
 Closes PR mips/33166.  Reviewed by chuq@


 To generate a diff of this commit:
 cvs rdiff -r1.166 -r1.167 src/sys/arch/mips/mips/pmap.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

Responsible-Changed-From-To: port-mips-maintainer->gdamore@netbsd.org
Responsible-Changed-By: gdamore@netbsd.org
Responsible-Changed-When: Thu, 30 Mar 2006 22:59:35 +0000
Responsible-Changed-Why:
I committed the fix.


State-Changed-From-To: open->closed
State-Changed-By: gdamore@netbsd.org
State-Changed-When: Thu, 30 Mar 2006 22:59:35 +0000
State-Changed-Why:
I committed the fix.


Responsible-Changed-From-To: gdamore@netbsd.org->gdamore
Responsible-Changed-By: dholland@narn.netbsd.org
Responsible-Changed-When: Sat, 26 Jan 2008 18:42:03 +0000
Responsible-Changed-Why:
cleaning database (pr is closed)


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.