Date: Mon, 24 Sep 2001 21:41:14 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: Matt Dillon <dillon@earth.backplane.com>
Cc: Ian Dowse <iedowse@maths.tcd.ie>, <hackers@freebsd.org>
Subject: Re: VM Corruption - stumped, anyone have any ideas?
Message-ID: <20010924213518.G70783-100000@achilles.silby.com>
In-Reply-To: <200109242113.f8OLDbV96558@earth.backplane.com>

On Mon, 24 Sep 2001, Matt Dillon wrote:

>     Yowzer.  How the hell did that happen!  Yes, you're right, the
>     vm_page_array[] pointer has gotten corrupted.  If we assume that
>     the vm_page_t is valid (0xc0842acc), then the vm_page_buckets[]
>     pointer should be that.
...
>     This is very similar to the corruption I found on one of Yahoo's
>     machines.  Except on that machine two bits were changed.  It's as though
>     some other subsystem is trying to manipulate a flag in a structure using
>     a bad structure pointer.
>
>                                                 -Matt

Ok, time to take a good stab at sticking my foot in my mouth here.

Would it be possible to have a kernel mode where the read-only bit was
turned on for malloc pools which shouldn't currently be accessed?  This
could be gated through the spl() calls (or specific mutexes on -current),
ensuring that something like getpid couldn't stomp on the vm structures
w/o first doing a splvm().

Obviously this wouldn't help find bugs in interrupt handlers or other high
level calls, but it could help locate some memory corruption problems.
Actually, since memory regions roughly follow locks, this could be an even
more powerful tool on -current once it develops me.

Is this even feasible in ring 0?

Mike "Silby" Silbersack
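
Added example, not part of the original message and not FreeBSD code: a userland analogue of the proposal above, using mprotect() to keep a pool read-only except between hypothetical gate_enter()/gate_leave() calls that stand in for splvm()/splx(). The names pool, gate_enter, gate_leave and try_store are assumptions made for illustration, and the sketch says nothing about whether the same approach is feasible for kernel malloc pools in ring 0.

```c
#define _DEFAULT_SOURCE            /* for MAP_ANON under strict -std= modes */
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static unsigned char *pool;        /* hypothetical stand-in for a pool of VM structures */
static size_t pool_len;
static sigjmp_buf trap;

static void on_fault(int sig) { (void)sig; siglongjmp(trap, 1); }

/* Map one page as the pool, install the fault handler, leave the pool read-only. */
int pool_init(void) {
    struct sigaction sa;
    sa.sa_handler = on_fault;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    pool_len = (size_t)sysconf(_SC_PAGESIZE);
    pool = mmap(NULL, pool_len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
    if (pool == MAP_FAILED) return -1;
    /* Linux reports the protection fault as SIGSEGV; some BSD-derived systems use SIGBUS. */
    if (sigaction(SIGSEGV, &sa, NULL) != 0 || sigaction(SIGBUS, &sa, NULL) != 0) return -1;
    return mprotect(pool, pool_len, PROT_READ);
}

/* Hypothetical gate: plays the role splvm()/splx() would play in the proposal. */
int gate_enter(void) { return mprotect(pool, pool_len, PROT_READ | PROT_WRITE); }
int gate_leave(void) { return mprotect(pool, pool_len, PROT_READ); }

/* Try to store v at pool[off]. Returns 1 if the store landed, 0 if it trapped. */
int try_store(size_t off, unsigned char v) {
    if (sigsetjmp(trap, 1)) return 0;          /* we arrive here from on_fault() */
    ((volatile unsigned char *)pool)[off] = v;
    return 1;
}

unsigned char pool_read(size_t off) { return pool[off]; }

int main(void) {
    if (pool_init() != 0) return 1;
    printf("ungated store landed: %d\n", try_store(0, 0x41));
    gate_enter();
    printf("gated store landed:   %d\n", try_store(0, 0x41));
    gate_leave();
    printf("pool[0] = 0x%02x\n", pool_read(0));
    return 0;
}
```

The ungated store traps at the faulting instruction, which is the debugging value of the idea: the stray writer is identified when it writes, not when the corrupted structure is next used.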