NetBSD Problem Report #33166
From www@netbsd.org Wed Mar 29 21:30:43 2006
Return-Path: <www@netbsd.org>
Received: by narn.netbsd.org (Postfix, from userid 31301)
id 1D19363B8C7; Wed, 29 Mar 2006 21:30:43 +0000 (UTC)
Message-Id: <20060329213043.1D19363B8C7@narn.netbsd.org>
Date: Wed, 29 Mar 2006 21:30:43 +0000 (UTC)
From: gdamore@netbsd.org
Reply-To: gdamore@netbsd.org
To: gnats-bugs@netbsd.org
Subject: pmap_remove_pv called for unmanaged pages
X-Send-Pr-Version: www-1.0
>Number: 33166
>Category: port-mips
>Synopsis: pmap_remove_pv called for unmanaged pages
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: gdamore
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Mar 29 21:35:00 +0000 2006
>Closed-Date: Thu Mar 30 22:59:35 +0000 2006
>Last-Modified: Sat Jan 26 18:42:03 +0000 2008
>Originator: Garrett D'Amore
>Release: 3.99.17
>Organization:
Tadpole Computer, Inc.
>Environment:
NetBSD cabernet 3.99.17 NetBSD 3.99.17 (METEOR) #10: Wed Mar 29 12:52:54 PST 2006 garrett@zippy:/home/garrett/netbsd/src/sys/arch/evbmips/compile/obj/METEOR evbmips
>Description:
when munmap() is called for a previously mmap()ed region of framebuffer memory located in high memory (> 4GB on Alchemy), pmap_remove tries to call pmap_remove_pv with a null "pg". This results in a panic.
>How-To-Repeat:
stick a pci device on PCI alchemy, and then mmap() some of it. when your process munmap()'s it (or exits), the system will panic.
>Fix:
Add appropriate checks for null pg. Here's a diff:
*** pmap.c.~1.166.~ Sat Dec 24 12:07:19 2005
--- pmap.c Wed Mar 29 12:52:07 2006
***************
*** 730,736 ****
pmap->pm_stats.wired_count--;
pmap->pm_stats.resident_count--;
pg = PHYS_TO_VM_PAGE(mips_tlbpfn_to_paddr(entry));
! pmap_remove_pv(pmap, sva, pg);
if (MIPS_HAS_R4K_MMU)
/* See above about G bit */
pte->pt_entry = MIPS3_PG_NV | MIPS3_PG_G;
--- 730,737 ----
pmap->pm_stats.wired_count--;
pmap->pm_stats.resident_count--;
pg = PHYS_TO_VM_PAGE(mips_tlbpfn_to_paddr(entry));
! if (pg)
! pmap_remove_pv(pmap, sva, pg);
if (MIPS_HAS_R4K_MMU)
/* See above about G bit */
pte->pt_entry = MIPS3_PG_NV | MIPS3_PG_G;
***************
*** 789,795 ****
pmap->pm_stats.wired_count--;
pmap->pm_stats.resident_count--;
pg = PHYS_TO_VM_PAGE(mips_tlbpfn_to_paddr(entry));
! pmap_remove_pv(pmap, sva, pg);
pte->pt_entry = mips_pg_nv_bit();
/*
* Flush the TLB for the given address.
--- 790,797 ----
pmap->pm_stats.wired_count--;
pmap->pm_stats.resident_count--;
pg = PHYS_TO_VM_PAGE(mips_tlbpfn_to_paddr(entry));
! if (pg)
! pmap_remove_pv(pmap, sva, pg);
pte->pt_entry = mips_pg_nv_bit();
/*
* Flush the TLB for the given address.
>Release-Note:
>Audit-Trail:
From: Garrett D'Amore <gdamore@netbsd.org>
To: gnats-bugs@netbsd.org
Cc:
Subject: PR/33166 CVS commit: src/sys/arch/mips/mips
Date: Thu, 30 Mar 2006 05:57:01 +0000 (UTC)
Module Name: src
Committed By: gdamore
Date: Thu Mar 30 05:57:01 UTC 2006
Modified Files:
src/sys/arch/mips/mips: pmap.c
Log Message:
Don't pmap_remove_pv mappings for unmanaged pages.
Closes PR mips/33166. Reviewed by chuq@
To generate a diff of this commit:
cvs rdiff -r1.166 -r1.167 src/sys/arch/mips/mips/pmap.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Responsible-Changed-From-To: port-mips-maintainer->gdamore@netbsd.org
Responsible-Changed-By: gdamore@netbsd.org
Responsible-Changed-When: Thu, 30 Mar 2006 22:59:35 +0000
Responsible-Changed-Why:
I committed the fix.
State-Changed-From-To: open->closed
State-Changed-By: gdamore@netbsd.org
State-Changed-When: Thu, 30 Mar 2006 22:59:35 +0000
State-Changed-Why:
I committed the fix.
Responsible-Changed-From-To: gdamore@netbsd.org->gdamore
Responsible-Changed-By: dholland@narn.netbsd.org
Responsible-Changed-When: Sat, 26 Jan 2008 18:42:03 +0000
Responsible-Changed-Why:
cleaning database (pr is closed)
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.