From owner-freebsd-stable  Wed Mar  6 19:52: 6 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2])
	by hub.freebsd.org (Postfix) with ESMTP id 7FCA337B400
	for <freebsd-stable@FreeBSD.ORG>; Wed,  6 Mar 2002 19:51:53 -0800 (PST)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.11.6/8.9.1) id g273pdb63445;
	Wed, 6 Mar 2002 19:51:39 -0800 (PST)
	(envelope-from dillon)
Date: Wed, 6 Mar 2002 19:51:39 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <200203070351.g273pdb63445@apollo.backplane.com>
To: Mike Tancsa <mike@sentex.net>,
	David Malone <dwmalone@maths.tcd.ie>,
	Harry Newton <harry_newton@telinco.co.uk>
Cc: freebsd-stable@FreeBSD.ORG
Subject: patch (was Re: reproducable panic with python)
References: <867koq7gp7.fsf@basilisk.locus>
 <20020306220959.GA47881@walton.maths.tcd.ie>
 <5.1.0.14.0.20020306205947.0513fcc8@192.168.0.12> <5.1.0.14.0.20020306222755.04151720@192.168.0.12>
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

    This should fix it.  Included below is the test program to reproduce
    the panic and the patch that will fix it. 

    The mmap() that triggers it is a MAP_ANON|MAP_NOSYNC mmap.

    I am starting a commit cycle now.  

						-Matt

#include <sys/types.h>
#include <sys/mman.h>
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <assert.h>

#define SIZE    (512*1024*1024)
#define SYNC    (1*1024*1024)

int
main(int ac, char **av)
{
    void *ptr;

    ptr = mmap(NULL, 4096, PROT_READ, MAP_ANON, -1, 0);
    assert(ptr != MAP_FAILED);
    ptr = mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_ANON|MAP_NOSYNC, -1, 0);
    assert(ptr != MAP_FAILED);
    msync(ptr, 4096, 0);
}


Index: vm/vm_map.c
===================================================================
RCS file: /home/ncvs/src/sys/vm/vm_map.c,v
retrieving revision 1.187.2.12
diff -u -r1.187.2.12 vm_map.c
--- vm/vm_map.c	10 Nov 2001 22:27:09 -0000	1.187.2.12
+++ vm/vm_map.c	7 Mar 2002 03:45:42 -0000
@@ -1741,8 +1741,11 @@
 		 * to write out.
 		 * We invalidate (remove) all pages from the address space
 		 * anyway, for semantic correctness.
+		 *
+		 * note: certain anonymous maps, such as MAP_NOSYNC maps,
+		 * may start out with a NULL object.
 		 */
-		while (object->backing_object) {
+		while (object && object->backing_object) {
 			object = object->backing_object;
 			offset += object->backing_object_offset;
 			if (object->size < OFF_TO_IDX( offset + size))

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message