virtualbox kmod: pages incorrectly inserted into user map

Andriy Gapon avg at
Mon May 23 07:42:32 UTC 2011

It seems that the Virtualbox kernel module for FreeBSD has incorrect code for
inserting kernel pages into a user map.

First, the vm_map_find(object=NULL) + pmap_enter() approach should not be applied to
a user map.  I am told that a pmap of a user process can be completely destroyed
and re-constructed.  And for the latter we must have correct mappings in the vm
map, which will not be the case with this approach.

Second, and probably as a result of the above, Virtualbox may insert invalid pages
into a user map.  I am told that this must never be done.
Here is an example of a panic that may result from this:
panic: vm_page_dirty: page is invalid!
(kgdb) bt
#0  doadump () at pcpu.h:224
#1  0xffffffff80482b12 in kern_reboot (howto=260) at
#2  0xffffffff80482246 in panic (fmt=0x104 <Address 0x104 out of bounds>) at
#3  0xffffffff8063bcdc in vm_page_dirty (m=0x0) at /usr/src/sys/vm/vm_page.c:742
#4  0xffffffff8062d00d in vm_fault_quick_hold_pages (map=0xfffffe00448db7a8,
addr=35092844544, len=Variable "len" is not available.
) at /usr/src/sys/vm/vm_fault.c:1094
#5  0xffffffff8050953e in vmapbuf (bp=0xffffff80e5891020) at
#6  0xffffffff80473637 in physio (dev=0xfffffe0007e51a00,
uio=0xffffff811f417aa0, ioflag=Variable "ioflag" is not available.
) at /usr/src/sys/kern/kern_physio.c:95
#7  0xffffffff803e8fac in devfs_read_f (fp=0xfffffe00744cf3c0,
uio=0xffffff811f417aa0, cred=Variable "cred" is not available.
) at /usr/src/sys/fs/devfs/devfs_vnops.c:1152
#8  0xffffffff804d7028 in dofileread (td=0xfffffe0083f07480, fd=32,
fp=0xfffffe00744cf3c0, auio=0xffffff811f417aa0, offset=Variable "offset" is not
) at file.h:231
#9  0xffffffff804d733f in kern_readv (td=0xfffffe0083f07480, fd=32,
auio=0xffffff811f417aa0) at /usr/src/sys/kern/sys_generic.c:238
#10 0xffffffff804d744c in read (td=0x0, uap=0x0) at
#11 0xffffffff804cc5ae in syscallenter (td=0xfffffe0083f07480,
sa=0xffffff811f417bc0) at /usr/src/sys/kern/subr_trap.c:344
#12 0xffffffff806658c2 in syscall (frame=0xffffff811f417c50) at
#13 0xffffffff8064f76d in Xfast_syscall () at

I have no patches at the moment to correctly fix these problems.
I use a (hackish) workaround for the second issue, which is to add the following
line to rtR0MemObjFreeBSDPhysPageInit:

pPage->valid      = VM_PAGE_BITS_ALL;

Andriy Gapon
