Date: Sun, 23 Mar 2014 12:10:01 GMT From: Henrik Gulbrandsen <henrik@gulbra.net> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/187238: =?UTF-8?Q?vm=2Epmap=2Epcid=5Fenabled=3D=22=31=22?= =?UTF-8?Q?=20causes=20Java=20to=20coredump=20in=20FBSD=20=31=30?= Message-ID: <201403231210.s2NCA12X053548@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/187238; it has been noted by GNATS. From: Henrik Gulbrandsen <henrik@gulbra.net> To: bug-followup@freebsd.org, freebsd-java@freebsd.org Cc: Craig Rodrigues <rodrigc@freebsd.org>, Konstantin Belousov <kib@freebsd.org>, Alan Cox <alc@freebsd.org> Subject: Re: kern/187238: =?UTF-8?Q?vm=2Epmap=2Epcid=5Fenabled=3D=22=31=22?= =?UTF-8?Q?=20causes=20Java=20to=20coredump=20in=20FBSD=20=31=30?= Date: Sun, 23 Mar 2014 13:03:00 +0100 --=_ef7706356ad2b17cefd08d9045174740 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=UTF-8; format=flowed This is the most time-consuming bug I've encountered in my life, and not only because I started looking for it in the JVM, but now it seems to have been hiding in plain sight. I'm pretty sure that pmap->pm_save is handled incorrectly in the current kernel. Judging from the code, it's supposed to include all CPUs where the pmap has been active since the latest call to pmap_invalidate_all(...). However, that means that it should always be a superset of pmap->pm_active, since any CPU where the pmap is active may cache pmap information at any time. Currently, this is not the case, and since only CPUs in pmap->pm_save are targeted in the TLB shootdown, we are left with inconsistencies that crash the process soon afterwards. The attached patch solves this by only clearing a CPU from pmap->pm_save if it is not currently included in pmap->pm_active. As far as I can tell, that eliminates the bug. The patch is against STABLE, since that's what I'm currently running, but CURRENT should be pretty close, except for the default setting of pmap_pcid_enabled. By the way, the logic in the invalidation functions is a bit messy now and can probably be simplified. Also, is there a good reason for ignoring the pmap argument in smp_masked_invltlb(...)? /Henrik P.S. After five days it turns out that mx1.FreeBSD.org has been rejecting this email due to a slight misconfiguration of my mail server. I hope that I haven't caused too many hours of frustration by this failure to report the bug fix in due time. Anyway, in the meantime my test (java/openjdk6 building itself) has been running continuously in the background. It used to fail almost every single time, but has now gone through 765 iterations without a single crash. I believe that indicates that the bug is fixed. --=_ef7706356ad2b17cefd08d9045174740 Content-Transfer-Encoding: base64 Content-Type: text/x-diff; name=pr187238.patch Content-Disposition: attachment; filename=pr187238.patch; size=1755 SW5kZXg6IHN5cy9hbWQ2NC9hbWQ2NC9hcGljX3ZlY3Rvci5TCj09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIHN5cy9h bWQ2NC9hbWQ2NC9hcGljX3ZlY3Rvci5TCShyZXZpc2lvbiAyNjMyOTApCisrKyBzeXMvYW1kNjQv YW1kNjQvYXBpY192ZWN0b3IuUwkod29ya2luZyBjb3B5KQpAQCAtMTc3LDcgKzE3NywxMCBAQAog CWp6CTJmCiAJc3dhcGdzCiAyOgorCWJ0bAklZWF4LFBNX0FDVElWRSglcmR4KQorCWpjCTNmCiAJ TEsgYnRjbAklZWF4LFBNX1NBVkUoJXJkeCkKKzM6CiAJU1VQRVJBTElHTl9URVhUCiBpbnZsdGxi X3JldF9yZHg6CiAJcG9wcQklcmR4CkluZGV4OiBzeXMvYW1kNjQvYW1kNjQvcG1hcC5jCj09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT0KLS0tIHN5cy9hbWQ2NC9hbWQ2NC9wbWFwLmMJKHJldmlzaW9uIDI2MzI5MCkKKysrIHN5 cy9hbWQ2NC9hbWQ2NC9wbWFwLmMJKHdvcmtpbmcgY29weSkKQEAgLTM2Nyw3ICszNjcsNyBAQAog CiBzdGF0aWMgc3RydWN0IHVucmhkciBwY2lkX3VucjsKIHN0YXRpYyBzdHJ1Y3QgbXR4IHBjaWRf bXR4OwotaW50IHBtYXBfcGNpZF9lbmFibGVkID0gMDsKK2ludCBwbWFwX3BjaWRfZW5hYmxlZCA9 IDE7CiBTWVNDVExfSU5UKF92bV9wbWFwLCBPSURfQVVUTywgcGNpZF9lbmFibGVkLCBDVExGTEFH X1JEVFVOLCAmcG1hcF9wY2lkX2VuYWJsZWQsCiAgICAgMCwgIklzIFRMQiBDb250ZXh0IElEIGVu YWJsZWQgPyIpOwogaW50IGludnBjaWRfd29ya3MgPSAwOwpAQCAtODM4LDcgKzgzOCw3IEBACiAJ a2VybmVsX3BtYXAtPnBtX3BtbDQgPSAocGRwX2VudHJ5X3QgKilQSFlTX1RPX0RNQVAoS1BNTDRw aHlzKTsKIAlrZXJuZWxfcG1hcC0+cG1fY3IzID0gS1BNTDRwaHlzOwogCUNQVV9GSUxMKCZrZXJu ZWxfcG1hcC0+cG1fYWN0aXZlKTsJLyogZG9uJ3QgYWxsb3cgZGVhY3RpdmF0aW9uICovCi0JQ1BV X1pFUk8oJmtlcm5lbF9wbWFwLT5wbV9zYXZlKTsKKwlDUFVfRklMTCgma2VybmVsX3BtYXAtPnBt X3NhdmUpOwkvKiBhbHdheXMgc3VwZXJzZXQgb2YgcG1fYWN0aXZlICovCiAJVEFJTFFfSU5JVCgm a2VybmVsX3BtYXAtPnBtX3B2Y2h1bmspOwogCWtlcm5lbF9wbWFwLT5wbV9mbGFncyA9IHBtYXBf ZmxhZ3M7CiAKQEAgLTE0OTIsNyArMTQ5Miw4IEBACiAJCX0gZWxzZSB7CiAJCQlpbnZsdGxiX2ds b2JwY2lkKCk7CiAJCX0KLQkJQ1BVX0NMUl9BVE9NSUMoY3B1aWQsICZwbWFwLT5wbV9zYXZlKTsK KwkJaWYgKCFDUFVfSVNTRVQoY3B1aWQsICZwbWFwLT5wbV9hY3RpdmUpKQorCQkJQ1BVX0NMUl9B VE9NSUMoY3B1aWQsICZwbWFwLT5wbV9zYXZlKTsKIAkJc21wX2ludmx0bGIocG1hcCk7CiAJfSBl bHNlIHsKIAkJb3RoZXJfY3B1cyA9IGFsbF9jcHVzOwpAQCAtMTUyNiw3ICsxNTI3LDggQEAKIAkJ CX0KIAkJfSBlbHNlIGlmIChDUFVfSVNTRVQoY3B1aWQsICZwbWFwLT5wbV9hY3RpdmUpKQogCQkJ aW52bHRsYigpOwotCQlDUFVfQ0xSX0FUT01JQyhjcHVpZCwgJnBtYXAtPnBtX3NhdmUpOworCQlp ZiAoIUNQVV9JU1NFVChjcHVpZCwgJnBtYXAtPnBtX2FjdGl2ZSkpCisJCQlDUFVfQ0xSX0FUT01J QyhjcHVpZCwgJnBtYXAtPnBtX3NhdmUpOwogCQlpZiAocG1hcF9wY2lkX2VuYWJsZWQpCiAJCQlD UFVfQU5EKCZvdGhlcl9jcHVzLCAmcG1hcC0+cG1fc2F2ZSk7CiAJCWVsc2UK --=_ef7706356ad2b17cefd08d9045174740--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201403231210.s2NCA12X053548>