10.0 BETA 3 with redports kernel panic
Sean Bruno
seanbru at yahoo-inc.com
Fri Dec 20 17:24:46 UTC 2013
On Fri, 2013-12-20 at 18:22 +0200, Konstantin Belousov wrote:
> On Fri, Dec 20, 2013 at 07:45:55AM -0800, Sean Bruno wrote:
> > With this change to pmap.c we blow up in keg_alloc_slab() now:
> >
> > FreeBSD clang version 3.3 (tags/RELEASE_33/final 183502) 20130610
> > kernel trap 12 with interrupts disabled
> >
> >
> > Fatal trap 12: page fault while in kernel mode
> > cpuid = 0; apic id = 00
> > fault virtual address = 0x8
> > fault code = supervisor write data, page not present
> > instruction pointer = 0x20:0xffffffff80b2602a
> > stack pointer = 0x28:0xffffffff81a90a50
> > frame pointer = 0x28:0xffffffff81a90ac0
> > code segment = base 0x0, limit 0xfffff, type 0x1b
> > = DPL 0, pres 1, long 1, def32 0, gran 1
> > processor eflags = resume, IOPL = 0
> > current process = 0 ()
> > [ thread pid 0 tid 0 ]
> > Stopped at keg_alloc_slab+0x13a: movq %r13,0x8(%rax)
> > db> whe
> > Tracing pid 0 tid 0 td 0xffffffff81527500
> > keg_alloc_slab() at keg_alloc_slab+0x13a/frame 0xffffffff81a90ac0
> > keg_fetch_slab() at keg_fetch_slab+0x152/frame 0xffffffff81a90b10
> > zone_fetch_slab() at zone_fetch_slab+0x7e/frame 0xffffffff81a90b50
> > zone_import() at zone_import+0x3c/frame 0xffffffff81a90b90
> > uma_zalloc_arg() at uma_zalloc_arg+0x33e/frame 0xffffffff81a90c10
> > malloc() at malloc+0x6a/frame 0xffffffff81a90c60
> > init_dynamic_kenv() at init_dynamic_kenv+0x8d/frame 0xffffffff81a90c90
> > mi_startup() at mi_startup+0x118/frame 0xffffffff81a90cb0
> > btext() at btext+0x2c
> > db> bt
> > Tracing pid 0 tid 0 td 0xffffffff81527500
> > keg_alloc_slab() at keg_alloc_slab+0x13a/frame 0xffffffff81a90ac0
> > keg_fetch_slab() at keg_fetch_slab+0x152/frame 0xffffffff81a90b10
> > zone_fetch_slab() at zone_fetch_slab+0x7e/frame 0xffffffff81a90b50
> > zone_import() at zone_import+0x3c/frame 0xffffffff81a90b90
> > uma_zalloc_arg() at uma_zalloc_arg+0x33e/frame 0xffffffff81a90c10
> > malloc() at malloc+0x6a/frame 0xffffffff81a90c60
> > init_dynamic_kenv() at init_dynamic_kenv+0x8d/frame 0xffffffff81a90c90
> > mi_startup() at mi_startup+0x118/frame 0xffffffff81a90cb0
> > btext() at btext+0x2c
> >
>
> This could be related, indeed.
>
> Lets limit the impact to the /dev/{,k}mem only. Please try this.
>
> diff --git a/sys/amd64/amd64/mem.c b/sys/amd64/amd64/mem.c
> index abbbb21..2a9b7c1 100644
> --- a/sys/amd64/amd64/mem.c
> +++ b/sys/amd64/amd64/mem.c
> @@ -98,7 +98,11 @@ memrw(struct cdev *dev, struct uio *uio, int flags)
> kmemphys:
> o = v & PAGE_MASK;
> c = min(uio->uio_resid, (u_int)(PAGE_SIZE - o));
> - error = uiomove((void *)PHYS_TO_DMAP(v), (int)c, uio);
> + v = PHYS_TO_DMAP(v);
> + if (v < DMAP_MIN_ADDRESS || v >= dmaplimit ||
> + pmap_kextract(v) == 0)
> + return (EFAULT);
> + error = uiomove((void *)v, (int)c, uio);
> continue;
> }
> else if (dev2unit(dev) == CDEV_MINOR_KMEM) {
> diff --git a/sys/amd64/amd64/pmap.c b/sys/amd64/amd64/pmap.c
> index 014020b..13404b0 100644
> --- a/sys/amd64/amd64/pmap.c
> +++ b/sys/amd64/amd64/pmap.c
> @@ -321,7 +321,7 @@ SYSCTL_INT(_machdep, OID_AUTO, nkpt, CTLFLAG_RD, &nkpt, 0,
> "Number of kernel page table pages allocated on bootup");
>
> static int ndmpdp;
> -static vm_paddr_t dmaplimit;
> +vm_paddr_t dmaplimit;
> vm_offset_t kernel_vm_end = VM_MIN_KERNEL_ADDRESS;
> pt_entry_t pg_nx;
>
> diff --git a/sys/amd64/include/pmap.h b/sys/amd64/include/pmap.h
> index 3918282..e83e07e 100644
> --- a/sys/amd64/include/pmap.h
> +++ b/sys/amd64/include/pmap.h
> @@ -369,6 +369,7 @@ extern vm_paddr_t phys_avail[];
> extern vm_paddr_t dump_avail[];
> extern vm_offset_t virtual_avail;
> extern vm_offset_t virtual_end;
> +extern vm_paddr_t dmaplimit;
>
> #define pmap_page_get_memattr(m) ((vm_memattr_t)(m)->md.pat_mode)
> #define pmap_page_is_write_mapped(m) (((m)->aflags & PGA_WRITEABLE) != 0)
Ok, we can boot again. System is up at this time and running.
sean
More information about the freebsd-stable
mailing list