A possible unbounded loop in moea_sync_icache: why sys/vm/mlock_test:mlock__copy_on_write_vnode fails?
Leandro Lupori
leandro.lupori at gmail.com
Thu Jan 9 11:12:37 UTC 2020
Interesting, this looks like the same issue that was fixed on 64-bit some
time ago: https://reviews.freebsd.org/D19149.
On Thu, Jan 9, 2020 at 3:03 AM Mark Millard via freebsd-ppc <
freebsd-ppc at freebsd.org> wrote:
> In the statement:
>
> lim = round_page(va);
>
> later below in moea_sync_icache, it uses:
>
> #define round_page(x) (((x) + PAGE_MASK) & ~PAGE_MASK)
>
> So, for PAGE_MASK==(4096u-1u) the statement translates
> to, in essence (the u's are conceptual here):
>
> lim = ((va)+4095u) & ~4095u;
>
> That means that if va%4096u==0 then the result
> is lim==va .
>
> In turn, that means that:
>
> len = MIN(lim - va, sz);
>
> results in len==0.
>
> That in turn means that:
>
> sz -= len;
>
> does not change sz.
>
> Overall result: the loop testing sz>0 does not
> terminate.
>
> I expect that is why the kyua test:
>
> sys/vm/mlock_test:mlock__copy_on_write_vnode :
>
> is failing.
>
>
> The code in question:
>
> static void
> moea_sync_icache(mmu_t mmu, pmap_t pm, vm_offset_t va, vm_size_t sz)
> {
> 	struct pvo_entry *pvo;
> 	vm_offset_t lim;
> 	vm_paddr_t pa;
> 	vm_size_t len;
>
> 	PMAP_LOCK(pm);
> 	while (sz > 0) {
> 		lim = round_page(va);
> 		len = MIN(lim - va, sz);
> 		pvo = moea_pvo_find_va(pm, va & ~ADDR_POFF, NULL);
> 		if (pvo != NULL) {
> 			pa = (pvo->pvo_pte.pte.pte_lo & PTE_RPGN) |
> 			    (va & ADDR_POFF);
> 			moea_syncicache(pa, len);
> 		}
> 		va += len;
> 		sz -= len;
> 	}
> 	PMAP_UNLOCK(pm);
> }
>
>
> ===
> Mark Millard
> marklmi at yahoo.com
> ( dsl-only.net went
> away in early 2018-Mar)
>
>
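The length computation analysed in the quoted message, as a user-space model (an added example, not part of the thread and not FreeBSD code). The `model_`/`MODEL_` names, the 32-bit typedefs and `walk` are constructed for illustration, and `round_page(va + 1)` is one assumed way to make the limit lie strictly above `va`, not a statement of what D19149 changed.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed user-space model; 32-bit types stand in for the kernel's. */
typedef uint32_t vm_offset_t;
typedef uint32_t vm_size_t;
#define MODEL_PAGE_MASK ((vm_offset_t)4095u)
#define model_round_page(x) ((vm_offset_t)(((x) + MODEL_PAGE_MASK) & ~MODEL_PAGE_MASK))
#define MODEL_MIN(a, b) ((a) < (b) ? (a) : (b))

typedef vm_size_t (*chunk_fn)(vm_offset_t, vm_size_t);

/* Chunk length exactly as the quoted loop computes it. */
static vm_size_t chunk_len_quoted(vm_offset_t va, vm_size_t sz)
{
	vm_offset_t lim = model_round_page(va);
	return MODEL_MIN(lim - va, sz);
}

/* Assumed alternative: lim is the next page boundary strictly above va. */
static vm_size_t chunk_len_next_page(vm_offset_t va, vm_size_t sz)
{
	vm_offset_t lim = model_round_page(va + 1);
	return MODEL_MIN(lim - va, sz);
}

/* Returns the number of chunks, or -1 where the kernel loop would spin
 * forever (len == 0) while still holding the pmap lock. */
static int walk(chunk_fn fn, vm_offset_t va, vm_size_t sz)
{
	int chunks = 0;
	while (sz > 0) {
		vm_size_t len = fn(va, sz);
		if (len == 0)
			return -1;
		va += len;
		sz -= len;
		chunks++;
	}
	return chunks;
}

int main(void)
{
	printf("quoted, aligned va:    %d\n", walk(chunk_len_quoted, 0x1000, 100));
	printf("quoted, crosses page:  %d\n", walk(chunk_len_quoted, 0x1f00, 0x200));
	printf("next-page, aligned va: %d\n", walk(chunk_len_next_page, 0x1000, 100));
	printf("next-page, crosses:    %d\n", walk(chunk_len_next_page, 0x1f00, 0x200));
	return 0;
}
```

The second case shows that a page-aligned start is not required: any range that reaches a page boundary with bytes still left to sync lands on an aligned `va` and stops making progress.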