Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/arch/arm/arm32 Fix a deadlock between the pool and pmap ...
details: https://anonhg.NetBSD.org/src/rev/1627ef83704e
branches: trunk
changeset: 450706:1627ef83704e
user: bouyer <bouyer%NetBSD.org@localhost>
date: Tue Apr 23 11:21:21 2019 +0000
description:
Fix a deadlock between the pool and pmap codes:
- cpu0 grabs the kernel lock (e.g. from a non-MPSAFE interrupt) and
calls pool_get().
- cpu1 does a pool_get() on the same pool from MPSAFE code, which needs a
pool_page_alloc(), which ends up in pmap_extract_coherency().
So cpu0 holds the kernel_lock and wants the pool lock. cpu1 holds the pool
lock and wants the kernel_lock in pmap_extract_coherency().
The pmap code should not rely on kernel_lock. Intead make the
pmap_kernel()->pm_obj_lock a IPL_VM lock and use it as pmap lock
(thus dropping the pmap test pmap_{acquire,release}_pmap_lock()).
This needs to be a IPL_VM because unlike user pmaps, this can be locked
from interrupt context.
Add a IPL_NONE lock for pmap_growkernel(). We can't use
pmap_kernel()->pm_obj_lock here because pmap_grow_map() may sleep.
Make pmap_lock (which may be locked with pm_obj_lock held) a IPL_VM
lock in all case.
reorder a few things to not call pool_get()/pool_put() (which may sleep)
with pm_obj_lock held.
Patch initially posted to port-arm@ on April 19, improved patch (per
suggestions from Nick Hudson and Jason Thorpe) on April 21.
diffstat:
sys/arch/arm/arm32/pmap.c | 100 ++++++++++++++++++++++++---------------------
1 files changed, 53 insertions(+), 47 deletions(-)
diffs (277 lines):
diff -r 7b88f32d63b5 -r 1627ef83704e sys/arch/arm/arm32/pmap.c
--- a/sys/arch/arm/arm32/pmap.c Tue Apr 23 11:05:14 2019 +0000
+++ b/sys/arch/arm/arm32/pmap.c Tue Apr 23 11:21:21 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pmap.c,v 1.372 2019/04/23 11:05:14 bouyer Exp $ */
+/* $NetBSD: pmap.c,v 1.373 2019/04/23 11:21:21 bouyer Exp $ */
/*
* Copyright 2003 Wasabi Systems, Inc.
@@ -221,7 +221,7 @@
#include <arm/db_machdep.h>
#endif
-__KERNEL_RCSID(0, "$NetBSD: pmap.c,v 1.372 2019/04/23 11:05:14 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pmap.c,v 1.373 2019/04/23 11:21:21 bouyer Exp $");
//#define PMAP_DEBUG
#ifdef PMAP_DEBUG
@@ -521,6 +521,7 @@
vaddr_t memhook; /* used by mem.c & others */
kmutex_t memlock __cacheline_aligned; /* used by mem.c & others */
kmutex_t pmap_lock __cacheline_aligned;
+kmutex_t kpm_lock __cacheline_aligned;
extern void *msgbufaddr;
int pmap_kmpages;
/*
@@ -543,33 +544,21 @@
pmap_acquire_pmap_lock(pmap_t pm)
{
#if defined(MULTIPROCESSOR) && defined(DDB)
- if (db_onproc != NULL)
+ if (__predict_false(db_onproc != NULL))
return;
#endif
- if (pm == pmap_kernel()) {
-#ifdef MULTIPROCESSOR
- KERNEL_LOCK(1, NULL);
-#endif
- } else {
- mutex_enter(pm->pm_lock);
- }
+ mutex_enter(pm->pm_lock);
}
static inline void
pmap_release_pmap_lock(pmap_t pm)
{
#if defined(MULTIPROCESSOR) && defined(DDB)
- if (db_onproc != NULL)
+ if (__predict_false(db_onproc != NULL))
return;
#endif
- if (pm == pmap_kernel()) {
-#ifdef MULTIPROCESSOR
- KERNEL_UNLOCK_ONE(NULL);
-#endif
- } else {
- mutex_exit(pm->pm_lock);
- }
+ mutex_exit(pm->pm_lock);
}
static inline void
@@ -3070,6 +3059,10 @@
#else
const bool vector_page_p = (va == vector_page);
#endif
+ struct pmap_page *pp = pmap_pv_tracked(pa);
+ struct pv_entry *new_pv = NULL;
+ struct pv_entry *old_pv = NULL;
+ int error = 0;
UVMHIST_FUNC(__func__); UVMHIST_CALLED(maphist);
@@ -3085,6 +3078,12 @@
* test for a managed page by checking pg != NULL.
*/
pg = pmap_initialized ? PHYS_TO_VM_PAGE(pa) : NULL;
+ /*
+ * if we may need a new pv entry allocate if now, as we can't do it
+ * with the kernel_pmap locked
+ */
+ if (pg || pp)
+ new_pv = pool_get(&pmap_pv_pool, PR_NOWAIT);
nflags = 0;
if (prot & VM_PROT_WRITE)
@@ -3108,7 +3107,8 @@
if (l2b == NULL) {
if (flags & PMAP_CANFAIL) {
pmap_release_pmap_lock(pm);
- return (ENOMEM);
+ error = ENOMEM;
+ goto free_pv;
}
panic("pmap_enter: failed to allocate L2 bucket");
}
@@ -3131,8 +3131,6 @@
} else
opg = NULL;
- struct pmap_page *pp = pmap_pv_tracked(pa);
-
if (pg || pp) {
KASSERT((pg != NULL) != (pp != NULL));
struct vm_page_md *md = (pg != NULL) ? VM_PAGE_TO_MD(pg) :
@@ -3241,9 +3239,10 @@
}
#endif
} else {
- pmap_release_page_lock(md);
- pv = pool_get(&pmap_pv_pool, PR_NOWAIT);
+ pv = new_pv;
+ new_pv = NULL;
if (pv == NULL) {
+ pmap_release_page_lock(md);
pmap_release_pmap_lock(pm);
if ((flags & PMAP_CANFAIL) == 0)
panic("pmap_enter: "
@@ -3254,7 +3253,6 @@
0, 0, 0, 0);
return (ENOMEM);
}
- pmap_acquire_page_lock(md);
}
pmap_enter_pv(md, pa, pv, pm, va, nflags);
@@ -3291,9 +3289,9 @@
paddr_t opa = VM_PAGE_TO_PHYS(opg);
pmap_acquire_page_lock(omd);
- struct pv_entry *pv = pmap_remove_pv(omd, opa, pm, va);
+ old_pv = pmap_remove_pv(omd, opa, pm, va);
pmap_vac_me_harder(omd, opa, pm, 0);
- oflags = pv->pv_flags;
+ oflags = old_pv->pv_flags;
pmap_release_page_lock(omd);
#ifdef PMAP_CACHE_VIVT
@@ -3301,7 +3299,6 @@
pmap_cache_wbinv_page(pm, va, true, oflags);
}
#endif
- pool_put(&pmap_pv_pool, pv);
}
}
@@ -3403,7 +3400,13 @@
pmap_release_pmap_lock(pm);
- return (0);
+
+ if (old_pv)
+ pool_put(&pmap_pv_pool, old_pv);
+free_pv:
+ if (new_pv)
+ pool_put(&pmap_pv_pool, new_pv);
+ return (error);
}
/*
@@ -3431,10 +3434,13 @@
void
pmap_remove(pmap_t pm, vaddr_t sva, vaddr_t eva)
{
+ SLIST_HEAD(,pv_entry) opv_list;
+ struct pv_entry *pv, *npv;
UVMHIST_FUNC(__func__); UVMHIST_CALLED(maphist);
UVMHIST_LOG(maphist, " (pm=%#jx, sva=%#jx, eva=%#jx)",
(uintptr_t)pm, sva, eva, 0);
+ SLIST_INIT(&opv_list);
/*
* we lock in the pmap => pv_head direction
*/
@@ -3493,7 +3499,6 @@
*/
if (pg != NULL) {
struct vm_page_md *md = VM_PAGE_TO_MD(pg);
- struct pv_entry *pv;
pmap_acquire_page_lock(md);
pv = pmap_remove_pv(md, pa, pm, sva);
@@ -3503,7 +3508,8 @@
if (pm->pm_remove_all == false) {
flags = pv->pv_flags;
}
- pool_put(&pmap_pv_pool, pv);
+ SLIST_INSERT_HEAD(&opv_list,
+ pv, pv_link);
}
}
mappings += PAGE_SIZE / L2_S_SIZE;
@@ -3605,6 +3611,9 @@
}
pmap_release_pmap_lock(pm);
+ SLIST_FOREACH_SAFE(pv, &opv_list, pv_link, npv) {
+ pool_put(&pmap_pv_pool, pv);
+ }
}
#if defined(PMAP_CACHE_VIPT) && !defined(ARM_MMU_EXTENDED)
@@ -3828,15 +3837,15 @@
UVMHIST_LOG(maphist, " (va=%#jx, len=%#jx)", va, len, 0, 0);
const vaddr_t eva = va + len;
-
- pmap_acquire_pmap_lock(pmap_kernel());
+ pmap_t kpm = pmap_kernel();
+
+ pmap_acquire_pmap_lock(kpm);
while (va < eva) {
vaddr_t next_bucket = L2_NEXT_BUCKET_VA(va);
if (next_bucket > eva)
next_bucket = eva;
- pmap_t kpm = pmap_kernel();
struct l2_bucket * const l2b = pmap_get_l2_bucket(kpm, va);
KDASSERT(l2b != NULL);
@@ -3892,7 +3901,7 @@
total_mappings += mappings;
#endif
}
- pmap_release_pmap_lock(pmap_kernel());
+ pmap_release_pmap_lock(kpm);
cpu_cpwait();
UVMHIST_LOG(maphist, " <--- done (%ju mappings removed)",
total_mappings, 0, 0, 0);
@@ -5917,8 +5926,8 @@
* whoops! we need to add kernel PTPs
*/
- s = splhigh(); /* to be safe */
- mutex_enter(kpm->pm_lock);
+ s = splvm(); /* to be safe */
+ mutex_enter(&kpm_lock);
/* Map 1MB at a time */
size_t l1slot = l1pte_index(pmap_curmaxkvaddr);
@@ -5962,7 +5971,7 @@
cpu_cpwait();
#endif
- mutex_exit(kpm->pm_lock);
+ mutex_exit(&kpm_lock);
splx(s);
out:
@@ -6160,16 +6169,13 @@
#endif
VPRINTF("locks ");
-#if defined(PMAP_CACHE_VIPT) && !defined(ARM_MMU_EXTENDED)
- if (arm_cache_prefer_mask != 0) {
- mutex_init(&pmap_lock, MUTEX_DEFAULT, IPL_VM);
- } else {
-#endif
- mutex_init(&pmap_lock, MUTEX_DEFAULT, IPL_NONE);
-#if defined(PMAP_CACHE_VIPT) && !defined(ARM_MMU_EXTENDED)
- }
-#endif
- mutex_init(&pm->pm_obj_lock, MUTEX_DEFAULT, IPL_NONE);
+ /*
+ * pmap_kenter_pa() and pmap_kremove() may be called from interrupt
+ * context, so its locks have to be at IPL_VM
+ */
+ mutex_init(&pmap_lock, MUTEX_DEFAULT, IPL_VM);
+ mutex_init(&kpm_lock, MUTEX_DEFAULT, IPL_NONE);
+ mutex_init(&pm->pm_obj_lock, MUTEX_DEFAULT, IPL_VM);
uvm_obj_init(&pm->pm_obj, NULL, false, 1);
uvm_obj_setlock(&pm->pm_obj, &pm->pm_obj_lock);
Home |
Main Index |
Thread Index |
Old Index