Date: Wed, 24 Sep 2014 20:24:41 -0500 From: Bryan Drewery <bdrewery@FreeBSD.org> To: current@FreeBSD.org Subject: memguard(9) panics in proc_reap with vm.memguard.options=3 Message-ID: <54236ED9.5040005@FreeBSD.org>
next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --sSU653x32KFDOGHvIcDsswV0KF29w8wmD Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable > #11 0xffffffff80976e12 in vmem_xfree (vm=3D0xffffffff816d2200, addr=3D1= 8446741889258000384, size=3D0) at /usr/src/sys/kern/subr_vmem.c:1237 > #12 0xffffffff80bafbe0 in memguard_free (ptr=3D<value optimized out>) a= t /usr/src/sys/vm/memguard.c:421 > #13 0xffffffff80904191 in free (addr=3D0xfffffe03648a9000, mtp=3D<value= optimized out>) at /usr/src/sys/kern/kern_malloc.c:554 > #14 0xffffffff808e733f in proc_reap (td=3D<value optimized out>, p=3D0x= fffff80bf043c000, status=3D<value optimized out>, options=3D<value optimi= zed out>) at /usr/src/sys/kern/kern_exit.c:882 > #15 0xffffffff808e784a in proc_to_reap (td=3D0xfffff8021d499000, p=3D0x= fffff80bf043c000, idtype=3D<value optimized out>, id=3D<value optimized o= ut>, status=3D0xfffffe35559bc914, options=3D55, The assert is "size > 0". I enabled vm.memguard.options=3D3 while the system was running. From reading is_memguard_addr() I assume it should be safe to do so. Only new allocations should be passed through memguard_free(). This panic seems to happen easily. This comment in sys/vm/memguard.c memguard_free() makes me think something is stale: > /* > * This requires carnal knowledge of the implementation of > * kmem_free(), but since we've already replaced kmem_malloc() > * above, it's not really any worse. We want to use the > * vm_map lock to serialize updates to memguard_wasted, since > * we had the lock at increment. > */ > kmem_unback(kmem_object, addr, size); > if (sizev > size) > addr -=3D PAGE_SIZE; > vmem_xfree(memguard_arena, addr, sizev); By the way, I can't get the kernel to even boot with vm.memguard.options=3D3. It panics very early in device probing IIRC. --=20 Regards, Bryan Drewery --sSU653x32KFDOGHvIcDsswV0KF29w8wmD Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iQEcBAEBAgAGBQJUI27ZAAoJEDXXcbtuRpfP02MH+wTIaIYWKq5ZgmDH4coZgJAQ oJLyskOl9Im97CHakXrE2whcrLvTtEtSr8bhWPVKmuSGZLTZsevgAt4d1UEhzJA/ 86WjHgNJmRJWQzdUidvpxlKJFCmmuwUgxBKMq0sa8TlNfrq2NcX1+zGXX4TZYaM7 7hQY91xUmQldYZ9UoJJ6T1mB/63/ZKAV+jqaw8mwhlyEsU7XZDcZ828k7/ipIZdx 42HzKYh8SsI3nWraTqMGvYLjV6sZu7AR+F90ftSnCn1l+GMFBFaSwr16JYnea4I2 HXE0KGx8KEXxSL27rJkqa3oenwqAhBlGRZ/C4FQwjvYVqbd7fIjA/qa3dqbxcUc= =an3J -----END PGP SIGNATURE----- --sSU653x32KFDOGHvIcDsswV0KF29w8wmD--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54236ED9.5040005>