NetBSD Problem Report #45519
From tsutsui@ceres.dti.ne.jp Mon Oct 24 15:04:33 2011
Return-Path: <tsutsui@ceres.dti.ne.jp>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id BF75863B86B
for <gnats-bugs@gnats.NetBSD.org>; Mon, 24 Oct 2011 15:04:32 +0000 (UTC)
Message-Id: <201110241504.p9OF4SOq016987@mirage.localdomain>
Date: Tue, 25 Oct 2011 00:04:28 +0900 (JST)
From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
Reply-To: tsutsui@ceres.dti.ne.jp
To: gnats-bugs@gnats.NetBSD.org
Cc: tsutsui@ceres.dti.ne.jp
Subject: rw_lock error panic in m68k pmap
X-Send-Pr-Version: 3.95
>Number: 45519
>Category: port-m68k
>Synopsis: rw_lock error panic in m68k pmap
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: tsutsui
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Oct 24 15:05:00 +0000 2011
>Closed-Date: Sun Mar 04 05:37:29 +0000 2012
>Last-Modified: Sun Mar 04 05:37:29 +0000 2012
>Originator: Izumi Tsutsui
>Release: NetBSD 5.99.56
>Organization:
>Environment:
System: NetBSD 5.99.56 on XM6i (X68030 emulator)
Architecture: m68k
Machine: x68k
>Description:
I got the following panic during running Xserver:
(typed from captured screen by hand)
---
[out of screen]
lock error
Stopped in pid 318.1 (ruby18) at netbsd:cpu_Debugger+0x6: unlk a
6
db> tr
cpu_Debugger(25b084,2b1d0c4,179e20,24c6a8,2b4069c) + 6
vpanic(2354a9,2b406a8,2b406a8,2b406b4,174e8c) + 1ba
panic(2354a9,2bad0c4,25b090,25b080,2b406cc) + 12
lockdebug_abort(25b084,24c6a8,227a6b,226c09) + 70
rw_abort(25b084,227a6b,226c09) + 1e
rw_enter(25b084,1,2b40758,0,719100) + 18e
vm_map_lock(25b080,25b080,2b40758,2,2800000) + 28
uvm_unmap1(25b080,29af000,29b0000,2800000) + 26
uvm_km_free(25b080,29af000,1000,1) + 70
pmap_free_pv(29af9c0) + ac
pmap_remove_mapping(2574b8,1c91000,ffc07244,1) +380
pmap_remove(2574b8,1c91000,1c92000,2116c78,25b080) + f8
uvm_unmap_remove(25b080,1c91000,1c92000,2b408a4,2b40898,0,25b080,25b080,2b40898,2) + 1e8
uvm_unmap1(25b080,1c91000,1c92000,0,2b40938) + 3e
lwp_ctl_exit(0,4,84,40b4b10,ffe8149a) + 46
exit1(2b1d0c0,84,e,ffe8100c,2b6089c) + a8
sigexit(2b1d0c0,4) +1d2
sendsig_siginfo(2b40f18,2b1d254) + 13e
sendsig(2b40f18,2b1d254) + 74
kpsendsig(2b1d0c0,2b40f18,2b1d254,1ca6fb4,80) + bc
trapsignal(2b1d0c0,2b40f18) + c2
trap(2b40f60,8,4010111,ffe8149a) + 97a
faltstksdj() + 4
db>
---
In this trace, uvm_map1() calls m68k pmap_remove(),
but it calls uvm_map1() via uvm_km_free() in pmap_free_pv()
(which frees a page for struct pv_entry), so that lock panic
is caused by the design of m68k pmap pv_entry allocation.
>How-To-Repeat:
Run heavy applications (like ruby) on Hibler's hp300 derived pmap m68k ports?
>Fix:
Probably it would be better to simply use pool(9) for pv_entry like mips,
instead of uvm_km_alloc() and homegrown pv_page_info structure:
Index: arch/m68k/include/pmap_motorola.h
===================================================================
RCS file: /cvsroot/src/sys/arch/m68k/include/pmap_motorola.h,v
retrieving revision 1.33
diff -u -p -r1.33 pmap_motorola.h
--- arch/m68k/include/pmap_motorola.h 3 Jun 2011 17:03:52 -0000 1.33
+++ arch/m68k/include/pmap_motorola.h 24 Oct 2011 13:36:57 -0000
@@ -191,6 +191,7 @@ struct pv_entry {
struct pmap *pv_ptpmap; /* if pv_ptste, pmap for PT page */
};
+#if 0
struct pv_page;
struct pv_page_info {
@@ -213,6 +214,7 @@ struct pv_page {
struct pv_page_info pvp_pgi;
struct pv_entry pvp_pv[NPVPPG];
};
+#endif
#define active_pmap(pm) \
((pm) == pmap_kernel() || (pm) == curproc->p_vmspace->vm_map.pmap)
Index: arch/m68k/m68k/pmap_motorola.c
===================================================================
RCS file: /cvsroot/src/sys/arch/m68k/m68k/pmap_motorola.c,v
retrieving revision 1.62
diff -u -p -r1.62 pmap_motorola.c
--- arch/m68k/m68k/pmap_motorola.c 12 Jun 2011 03:35:43 -0000 1.62
+++ arch/m68k/m68k/pmap_motorola.c 24 Oct 2011 13:36:58 -0000
@@ -283,9 +283,17 @@ pt_entry_t *caddr1_pte; /* PTE for CADDR
pt_entry_t *caddr2_pte; /* PTE for CADDR2 */
struct pool pmap_pmap_pool; /* memory pool for pmap structures */
+#if 1
+struct pool pmap_pv_pool; /* memory pool for pv entries */
+#endif
+#if 0
struct pv_entry *pmap_alloc_pv(void);
void pmap_free_pv(struct pv_entry *);
+#else
+#define pmap_alloc_pv() pool_get(&pmap_pv_pool, PR_NOWAIT)
+#define pmap_free_pv(pv) pool_put(&pmap_pv_pool, (pv))
+#endif
#define PAGE_IS_MANAGED(pa) (pmap_initialized && uvm_pageismanaged(pa))
@@ -542,6 +550,14 @@ pmap_init(void)
pool_init(&pmap_pmap_pool, sizeof(struct pmap), 0, 0, 0, "pmappl",
&pool_allocator_nointr, IPL_NONE);
+#if 1
+ /*
+ * Initialize the pv_entry pools.
+ */
+ pool_init(&pmap_pv_pool, sizeof(struct pv_entry), 0, 0, 0, "pvpl",
+ &pool_allocator_nointr, IPL_NONE);
+#endif
+
/*
* Now that this is done, mark the pages shared with the
* hardware page table search as non-CCB (actually, as CI).
@@ -578,6 +594,7 @@ pmap_init(void)
pmap_initialized = true;
}
+#if 0
/*
* pmap_alloc_pv:
*
@@ -713,6 +730,7 @@ pmap_collect_pv(void)
}
}
#endif
+#endif
/*
* pmap_map:
@@ -1301,6 +1319,9 @@ pmap_enter(pmap_t pmap, vaddr_t va, padd
panic("pmap_enter: already in pv_tab");
#endif
npv = pmap_alloc_pv();
+#if 1
+ KASSERT(npv != NULL);
+#endif
npv->pv_va = va;
npv->pv_pmap = pmap;
npv->pv_next = pv->pv_next;
@@ -1844,10 +1865,12 @@ pmap_collect(void)
}
splx(s);
+#if 0
#ifdef notyet
/* Go compact and garbage-collect the pv_table. */
pmap_collect_pv();
#endif
+#endif
}
/*
---
Izumi Tsutsui
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: port-m68k-maintainer->tsutsui
Responsible-Changed-By: tsutsui@NetBSD.org
Responsible-Changed-When: Tue, 25 Oct 2011 00:24:34 +0900
Responsible-Changed-Why:
I'm testing the patch.
State-Changed-From-To: open->analyzed
State-Changed-By: tsutsui@NetBSD.org
State-Changed-When: Tue, 25 Oct 2011 00:24:34 +0900
State-Changed-Why:
Trace inspection.
From: "Izumi Tsutsui" <tsutsui@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/45519 CVS commit: src/sys/arch/m68k
Date: Sat, 29 Oct 2011 18:26:20 +0000
Module Name: src
Committed By: tsutsui
Date: Sat Oct 29 18:26:20 UTC 2011
Modified Files:
src/sys/arch/m68k/include: pmap_motorola.h
src/sys/arch/m68k/m68k: pmap_motorola.c
Log Message:
Use pool(9) for struct pv_entry allocations rather than
uvm_km_alloc(9)/uvm_km_free(9) and ancient homegrown pv_page_info structures.
Calling uvm_km_free(9) during pmap_remove(9) could cause rw_lock error
in uvm_unmap1() as noted in PR port-m68k/45519.
NetBSD/x68k (both real X68030 and XM6i emulator) still gets weird panic
(corrupted kernel stack pointer?) on some heavy load:
---
panic: MMU fault
Stopped in pid 363.1 (X68k) at netbsd:cpu_Debugger+0x6: unlk a6
db> tr
cpu_Debugger(4012004,8,1cbb528,2a618e0,2a5b000) + 6
db>
---
but it also occurs without this change so there might be some more bugs
in m68k pmap...
To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 src/sys/arch/m68k/include/pmap_motorola.h
cvs rdiff -u -r1.62 -r1.63 src/sys/arch/m68k/m68k/pmap_motorola.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Izumi Tsutsui" <tsutsui@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/45519 CVS commit: src/sys/arch/m68k/m68k
Date: Thu, 3 Nov 2011 14:39:05 +0000
Module Name: src
Committed By: tsutsui
Date: Thu Nov 3 14:39:05 UTC 2011
Modified Files:
src/sys/arch/m68k/m68k: pmap_motorola.c
Log Message:
Use pool_allocator_meta rather than pool_allocator_nointr to allocate
struct pv_entry pool in the previous fix for PR port-m68k/45519.
Per comment from yamt@ on source-changes-d@:
http://mail-index.NetBSD.org/source-changes-d/2011/10/31/msg004211.html
To generate a diff of this commit:
cvs rdiff -u -r1.63 -r1.64 src/sys/arch/m68k/m68k/pmap_motorola.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: analyzed->closed
State-Changed-By: tsutsui@NetBSD.org
State-Changed-When: Sun, 04 Mar 2012 14:37:29 +0900
State-Changed-Why:
Assume fixed.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home