9.2-STABLE: supervisor read data, page not present
Oliver Pinter
oliver.pntr at gmail.com
Mon Sep 9 15:39:23 UTC 2013
On 9/9/13, Konstantin Belousov <kostikbel at gmail.com> wrote:
> On Mon, Sep 09, 2013 at 08:45:21AM +0200, Oliver Pinter wrote:
>> On 9/9/13, Konstantin Belousov <kostikbel at gmail.com> wrote:
>> > On Sun, Sep 08, 2013 at 11:40:01PM +0200, Oliver Pinter wrote:
>> >> #6 0xffffffff806a2ab3 in cpuctl_ioctl (dev=<value optimized out>,
>> >> cmd=<value optimized out>, data=<value optimized out>, flags=0,
>> >> td=<value optimized out>) at /usr/src/sys/dev/cpuctl/cpuctl.c:478
>> >> cpu = <value optimized out>
>> >> ret = <value optimized out>
>> >
>> > Do you indeed possess a VIA CPU? Was it due to some act of violence?
>>
>> Nope, this is an Intel Q9300.
>>
>> FreeBSD clang version 3.3 (tags/RELEASE_33/final 183502) 20130610
>> CPU: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz (2499.76-MHz K8-class
>> CPU)
>> Origin = "GenuineIntel" Id = 0x10677 Family = 0x6 Model = 0x17
>> Stepping = 7
>>
>> Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
>>
>> Features2=0x8e3fd<SSE3,DTES64,MON,DS_CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1>
>> AMD Features=0x20100800<SYSCALL,NX,LM>
>> AMD Features2=0x1<LAHF>
>> TSC: P-state invariant, performance statistics
>> real memory = 4294967296 (4096 MB)
>> avail memory = 4103024640 (3912 MB)
>> Event timer "LAPIC" quality 400
>> ACPI APIC Table: <A_M_I_ OEMAPIC >
>> FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
>> FreeBSD/SMP: 1 package(s) x 4 core(s)
>> cpu0 (BSP): APIC ID: 0
>> cpu1 (AP): APIC ID: 1
>> cpu2 (AP): APIC ID: 2
>> cpu3 (AP): APIC ID: 3
> Intel update code has the same issue. Still, it is weird that the debugger
> reported the line from the update_via().
>
>>
>>
>> >
>> > I am not sure about the first panic, let's fix the malloc/free
>> > corruption
>> > and see. The proc_reap() issue might be a consequence of the memory
>> > corruption from the wrong free().
>> >
>> > There is no public documentation for VIA CPUs, at least I was not
>> > able to find anything when I looked. According to the comment in the
>> > update_via(), all that is needed is that the update buffer is 4-byte
>> > aligned, which is always guaranteed by our malloc(9), at least for the
>> > allocation of size >=4.
>> >
>> > Try this.
>
> Updated patch.
>
> diff --git a/sys/dev/cpuctl/cpuctl.c b/sys/dev/cpuctl/cpuctl.c
> index 4e5abb2..317fc08 100644
> --- a/sys/dev/cpuctl/cpuctl.c
> +++ b/sys/dev/cpuctl/cpuctl.c
> @@ -295,10 +295,10 @@ cpuctl_do_update(int cpu, cpuctl_update_args_t *data,
> struct thread *td)
> static int
> update_intel(int cpu, cpuctl_update_args_t *args, struct thread *td)
> {
> - void *ptr = NULL;
> + void *ptr;
> uint64_t rev0, rev1;
> uint32_t tmp[4];
> - int is_bound = 0;
> + int is_bound;
> int oldcpu;
> int ret;
>
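Review bot: In update_intel(), dropping the `= NULL` and `= 0` initializers on `ptr` and `is_bound` is only safe if no exit path reads them before they are assigned. This file uses goto-style cleanup (a `fail:` label is visible in a later hunk header), so if any early exit in this function frees `ptr` or tests `is_bound`, those reads would now be of indeterminate values. Either keep the initializers or confirm that every exit taken before the `malloc()` returns directly.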
> @@ -312,10 +312,11 @@ update_intel(int cpu, cpuctl_update_args_t *args,
> struct thread *td)
> }
>
> /*
> - * 16 byte alignment required.
> + * 16 byte alignment required. Rely on the fact that
> + * malloc(9) always returns the pointer aligned at least on
> + * the size of the allocation.
> */
> ptr = malloc(args->size + 16, M_CPUCTL, M_WAITOK);
> - ptr = (void *)(16 + ((intptr_t)ptr & ~0xf));
> if (copyin(args->data, ptr, args->size) != 0) {
> DPRINTF("[cpuctl,%d]: copyin %p->%p of %zd bytes failed",
> __LINE__, args->data, ptr, args->size);
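Review bot: The allocation still requests `args->size + 16` although the rounding line below it is removed, so the extra 16 bytes are now unused padding, while update_via() drops the padding in this same patch. Either allocate `args->size` here as well or say in the comment why the padding stays. Since the new comment ties alignment to the size of the allocation, it should also state the smallest `args->size` for which 16-byte alignment holds, and a KASSERT on `((uintptr_t)ptr & 0xf) == 0` after the `malloc()` would enforce the assumption instead of only documenting it.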
> @@ -408,10 +409,10 @@ fail:
> static int
> update_via(int cpu, cpuctl_update_args_t *args, struct thread *td)
> {
> - void *ptr = NULL;
> + void *ptr;
> uint64_t rev0, rev1, res;
> uint32_t tmp[4];
> - int is_bound = 0;
> + int is_bound;
> int oldcpu;
> int ret;
>
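Review bot: In update_via(), `ptr` and `is_bound` lose their initializers, so any cleanup code that runs before the `malloc()` or before `is_bound` is first set would free or test an indeterminate value. The visible context does not show where each is first assigned; please verify that against the function's exit paths, or keep `ptr = NULL` and `is_bound = 0` as cheap insurance.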
> @@ -427,8 +428,7 @@ update_via(int cpu, cpuctl_update_args_t *args, struct
> thread *td)
> /*
> * 4 byte alignment required.
> */
> - ptr = malloc(args->size + 16, M_CPUCTL, M_WAITOK);
> - ptr = (void *)(16 + ((intptr_t)ptr & ~0xf));
> + ptr = malloc(args->size, M_CPUCTL, M_WAITOK);
> if (copyin(args->data, ptr, args->size) != 0) {
> DPRINTF("[cpuctl,%d]: copyin %p->%p of %zd bytes failed",
> __LINE__, args->data, ptr, args->size);
>
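Review bot: The comment above the `malloc()` in update_via() still says only "4 byte alignment required" and no longer matches any code that enforces it, now that the manual rounding is gone. update_intel() gets an explicit sentence about relying on malloc(9) in this patch; add the equivalent here, including the condition given earlier in the thread that the guarantee holds for allocations of size >= 4.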
Thanks, this patch fixed the issue.
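
The malloc/free corruption discussed in this thread comes from overwriting `ptr` with an adjusted address, so the value later passed to free() is not the one the allocator returned. As an added userland illustration (not code from cpuctl.c or from the patch; `struct aligned_buf`, `aligned_buf_alloc`, `aligned_buf_free` and `old_adjust` are hypothetical names), this keeps the allocator's pointer separate from the aligned one:

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper type (not from cpuctl.c): keeps the pointer that
 * malloc() returned apart from the aligned pointer given to the consumer. */
struct aligned_buf {
    void *base;    /* exactly what malloc() returned; only this goes to free() */
    void *aligned; /* base rounded up to the requested alignment */
};

/* The expression the patch removes, as pure arithmetic on an address. */
static uintptr_t old_adjust(uintptr_t p)
{
    return 16 + (p & ~(uintptr_t)0xf);
}

/* Allocate size bytes aligned to align (a power of two); 0 on success. */
static int aligned_buf_alloc(struct aligned_buf *b, size_t size, size_t align)
{
    if (align == 0 || (align & (align - 1)) != 0 || size > SIZE_MAX - align)
        return -1;
    b->base = malloc(size + align);
    if (b->base == NULL)
        return -1;
    b->aligned = (void *)(((uintptr_t)b->base + align - 1) &
        ~(uintptr_t)(align - 1));
    return 0;
}

static void aligned_buf_free(struct aligned_buf *b)
{
    free(b->base); /* never b->aligned */
    b->base = b->aligned = NULL;
}

int main(void)
{
    struct aligned_buf b;

    if (aligned_buf_alloc(&b, 100, 16) != 0)
        return 1;
    memset(b.aligned, 0, 100); /* stands in for copyin() of the update */
    printf("base=%p aligned=%p old=%#jx\n", b.base, b.aligned,
        (uintmax_t)old_adjust((uintptr_t)b.base));
    aligned_buf_free(&b);
    return 0;
}
```

`old_adjust()` never returns its input, even for an address that is already 16-byte aligned, so the removed line always replaced `ptr` with an address the allocator did not hand out.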