Date:      Mon, 9 Sep 2013 08:14:44 +0300
From:      Konstantin Belousov <kostikbel@gmail.com>
To:        Oliver Pinter <oliver.pntr@gmail.com>
Cc:        stable@freebsd.org
Subject:   Re: 9.2-STABLE: supervisor read data, page not present
Message-ID:  <20130909051444.GG41229@kib.kiev.ua>
In-Reply-To: <CAPjTQNGusVYJpUxb-uuUwBD%2B8tJijLAB6u=pbFWvbE0%2B19-RXQ@mail.gmail.com>
References:  <CAPjTQNFxUFAUx9U3heVgDH9D8_TJ9NuOwcwUfSEi_RegQ5-wpw@mail.gmail.com> <CAPjTQNGusVYJpUxb-uuUwBD%2B8tJijLAB6u=pbFWvbE0%2B19-RXQ@mail.gmail.com>

On Sun, Sep 08, 2013 at 11:40:01PM +0200, Oliver Pinter wrote:
> #6  0xffffffff806a2ab3 in cpuctl_ioctl (dev=<value optimized out>,
>     cmd=<value optimized out>, data=<value optimized out>, flags=0,
>     td=<value optimized out>) at /usr/src/sys/dev/cpuctl/cpuctl.c:478
> 	cpu = <value optimized out>
> 	ret = <value optimized out>

Do you indeed possess a VIA CPU? Was it due to some act of violence?

I am not sure about the first panic, let's fix the malloc/free corruption
and see. The proc_reap() issue might be a consequence of the memory
corruption from the wrong free().

There is no public documentation for VIA CPUs, at least I was not
able to find anything when I looked. According to the comment in
update_via(), all that is needed is that the update buffer be 4-byte
aligned, which is always guaranteed by our malloc(9), at least for
allocations of size >= 4.

Try this.

diff --git a/sys/dev/cpuctl/cpuctl.c b/sys/dev/cpuctl/cpuctl.c
index 4e5abb2..ca5ed56 100644
--- a/sys/dev/cpuctl/cpuctl.c
+++ b/sys/dev/cpuctl/cpuctl.c
@@ -408,10 +408,10 @@ fail:
 static int
 update_via(int cpu, cpuctl_update_args_t *args, struct thread *td)
 {
-	void *ptr =3D NULL;
+	void *ptr;
 	uint64_t rev0, rev1, res;
 	uint32_t tmp[4];
-	int is_bound =3D 0;
+	int is_bound;
 	int oldcpu;
 	int ret;
=20
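Review bot: with the "= NULL" and "= 0" initializers dropped from ptr and is_bound at the top of update_via(), any early-exit path that reaches cleanup before both are assigned would read indeterminate values. The hunk does not show the function's cleanup code, so either confirm that no such path exists or keep the initializers; they cost nothing and keep a later free(ptr) or is_bound test safe if an early return is ever added.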
@@ -427,8 +427,7 @@ update_via(int cpu, cpuctl_update_args_t *args, struct =
thread *td)
 	/*
 	 * 4 byte alignment required.
 	 */
-	ptr =3D malloc(args->size + 16, M_CPUCTL, M_WAITOK);
-	ptr =3D (void *)(16 + ((intptr_t)ptr & ~0xf));
+	ptr =3D malloc(args->size, M_CPUCTL, M_WAITOK);
 	if (copyin(args->data, ptr, args->size) !=3D 0) {
 		DPRINTF("[cpuctl,%d]: copyin %p->%p of %zd bytes failed",
 		    __LINE__, args->data, ptr, args->size);
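Review bot: the new malloc(args->size, M_CPUCTL, M_WAITOK) line relies on malloc(9) alone for the alignment the comment above it requires, and the covering message says that guarantee holds for allocations of size >= 4; nothing visible in this hunk checks args->size before the allocation. Suggest rejecting sizes below 4, and any size larger than an update image can be, before calling malloc, and rewording the "4 byte alignment required" comment to say that malloc(9) provides it, so that nobody reintroduces pointer arithmetic on ptr.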

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130909051444.GG41229>
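Why the removed lines lead to a wrong free(), as an added example that is not code from the message or from FreeBSD. Userland malloc()/free() stand in for malloc(9)/free(9), memcpy() stands in for copyin(), and tracked_malloc, tracked_free, update_before and update_after are hypothetical names; it assumes the pre-patch function later freed the adjusted pointer, which the message's "wrong free()" remark points to.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

static void *live;	/* the one outstanding allocation (demo bookkeeping) */

/* Stand-in for malloc(9): userland malloc that remembers what it returned. */
static void *tracked_malloc(size_t size)
{
	return (live = malloc(size));
}

/* Releases only the address the allocator returned; -1 marks a wrong free(). */
static int tracked_free(void *p)
{
	if (p == NULL || p != live) return -1;
	free(p);
	live = NULL;
	return 0;
}

/* Shape of the removed lines: the allocator's address is overwritten. */
static int update_before(const void *data, size_t size)
{
	void *ptr = tracked_malloc(size + 16);
	void *base = ptr;	/* kept only so this demo can clean up */
	if (ptr == NULL) return -2;
	ptr = (void *)(16 + ((intptr_t)ptr & ~0xf));	/* 1..16 bytes past base */
	memcpy(ptr, data, size);	/* copyin() in the driver */
	int ret = tracked_free(ptr);	/* not an address the allocator returned */
	tracked_free(base);
	return ret;
}

/* Shape after the patch: one pointer for both the copy and the free. */
static int update_after(const void *data, size_t size)
{
	void *ptr = tracked_malloc(size);
	if (ptr == NULL) return -2;
	if (((uintptr_t)ptr & 0x3) != 0) { tracked_free(ptr); return -3; }
	memcpy(ptr, data, size);
	return tracked_free(ptr);
}

int main(void)
{
	unsigned char buf[32] = { 0 };	/* constructed sample update image */
	return !(update_before(buf, sizeof(buf)) == -1 && update_after(buf, sizeof(buf)) == 0);
}
```

The adjusted address is always 1 to 16 bytes past the one the allocator returned, so the pre-patch shape can never hand the original address back.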