crash via vm_page_sleep_if_busy() and contigmalloc
From: Brian Fundakowski Feldman (green_at_FreeBSD.org)
Date: 07/17/04
Date: Fri, 16 Jul 2004 20:32:05 -0400
To: hackers@FreeBSD.org

Anyone VM-y enough to be up to the task: please take a look at this
current vm_contig.c code and the crash that I have.

This crash is not common -- this is the first time I've seen it --
but the problem certainly doesn't seem unique.

What seems to happen is that vm_page_sleep_if_busy() is called from
a place that expects that a page may go away, but it does not really
realize this. If it has to sleep because the page is busy, it will
afterward happily dereference m->object which may now be NULL or belong
to something else, and unlock its mutex (which may be locked).

It seems that this is a generic problem that needs to be solved by not
dicking around with vm_object inside vm_page_sleep_if_busy(): pass it
in locked all of the time, return it unlocked all of the time if the
page queue mutex was relinquished. Also, assumptions should be removed
from other callers of vm_page_sleep_if_busy() such that they know the
object may not exist after return, so if the page queue lock is gone
then the object is gone and it must not reference it anymore.

Essentially every bit of code that calls vm_page_sleep_if_busy() without
explicit knowledge of the backing object is in violation of this. As
such, I think callers need to either lock the vm_object in every case
before locking the page queues, or if they hold the page queues' mutex,
do a trylock before trying to call vm_page_sleep_if_busy(), and be able
to handle both of the locks being relinquished on a return of TRUE.

Comments?

--
Brian Fundakowski Feldman           \'[ FreeBSD ]''''''''''\
  <> green@FreeBSD.org               \  The Power to Serve! \
 Opinions expressed are my own.       \,,,,,,,,,,,,,,,,,,,,,,\
- text/plain attachment: crash.typescript
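
The locking contract proposed in the message above, as an added userland model in C; it is not code from the original message or from FreeBSD. The struct layouts, the lock counters and the names `page_sleep_if_busy`, `process_page` and `sleep_and_lose_page` are assumptions made for illustration, and the "sleep" is simulated by a function that drops the queue lock and detaches the page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userland model with constructed types; not FreeBSD's structures. */
struct object { int lock_depth; };       /* a vm_object and its mutex */
struct page   { struct object *object; bool busy; };
static int queue_lock_held;              /* the page queue mutex */

/* Stand-in for the sleep: the queue lock is dropped and the page is freed. */
static void sleep_and_lose_page(struct page *m) {
    queue_lock_held = 0;
    m->object = NULL;
    m->busy = false;
}

/* obj comes in locked. On true, both locks are released and m->object
 * has not been read since the sleep. On false, both locks are still held. */
static bool page_sleep_if_busy(struct page *m, struct object *obj) {
    if (!m->busy)
        return false;
    obj->lock_depth--;                   /* unlock via the caller's pointer, before sleeping */
    sleep_and_lose_page(m);
    return true;
}

/* Returns 1 if the page was handled, 0 if the caller must redo its lookup. */
static int process_page(struct object *obj, struct page *m) {
    int done = 0;
    obj->lock_depth++;                   /* object lock first ... */
    queue_lock_held = 1;                 /* ... then the page queues */
    if (m->object == obj) {              /* stable while obj is locked */
        if (page_sleep_if_busy(m, obj))
            return 0;                    /* locks gone: touch neither m->object nor obj */
        done = 1;                        /* not busy: safe to work on the page here */
    }
    obj->lock_depth--;
    queue_lock_held = 0;
    return done;
}

int main(void) {
    struct object o = { 0 };
    struct page busy = { &o, true }, idle = { &o, false };
    int lost = process_page(&o, &busy);
    int handled = process_page(&o, &idle);
    printf("busy page: %d, idle page: %d, lock depth: %d\n", lost, handled, o.lock_depth);
    return 0;
}
```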