Subject: kern/21107: genfs_putpages modifies page tables without proper locking
To: None <gnats-bugs@gnats.netbsd.org>
From: Brian Buhrow <buhrow@lothlorien.nfbcal.org>
List: netbsd-bugs
Date: 04/11/2003 23:55:17
>Number:         21107
>Category:       kern
>Synopsis:       /usr/src/sys/miscfs/genfs/genfs_vnops.c has an unprotected page table modify in genfs_putpages()
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Apr 11 23:56:00 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Brian Buhrow
>Release:        NetBSD 1.6, 1.6.1,
>Organization:
NFB of California
>Environment:
System: NetBSD lothlorien.nfbcal.org 1.6.1 NetBSD 1.6.1 (NFBNETBSD) #0: Thu Apr 10 00:31:56 PDT 2003 buhrow@lothlorien.nfbcal.org:/usr/local/netbsd/src/sys/arch/i386/compile/NFBNETBSD i386
Architecture: i386
Machine: i386
>Description:
	
	/usr/src/sys/miscfs/genfs/genfs_vnops.c:genfs_putpages() attempts to
clean pages with the pmap_clear_modify() routine without locking the uvm
page queues.  On some systems, including I386 and Sparc architectures, this
results in intermittent illegal page faults which panic the system.
	The following patches for the 1.6 branch and the current branch,
respectively, fix this problem.  On my production machine, uptimes before
the patch were measured in minutes and hours.  After the patch, the machine
has been completely stable.
-Brian

[1.6 branch patch...]
/*      $NetBSD: genfs_vnops.c,v 1.63.2.2 2002/10/23 12:18:12 lukem Exp $ */
--- genfs_vnops.c.fcs	Wed Oct 23 05:18:12 2002
+++ genfs_vnops.c	Wed Apr  9 23:48:18 2003
@@ -1164,8 +1164,10 @@
 			pmap_page_protect(pg, VM_PROT_NONE);
 		}
 		if (flags & PGO_CLEANIT) {
+			uvm_lock_pageq();
 			needs_clean = pmap_clear_modify(pg) ||
 			    (pg->flags & PG_CLEAN) == 0;
+			uvm_unlock_pageq();
 			pg->flags |= PG_CLEAN;
 		} else {
 			needs_clean = FALSE;
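
Review bot: in the PGO_CLEANIT branch the page queue lock is dropped before `pg->flags |= PG_CLEAN;`, so the read of `pg->flags & PG_CLEAN` happens under the lock while the write to the same field does not. If the lock is meant to cover the flag as well as pmap_clear_modify(), move uvm_unlock_pageq() below the assignment; if only the pmap call needs it, narrow the locked region to that call and add a comment saying what the lock protects.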


[NetBSD-current patch]
/*	$NetBSD: genfs_vnops.c,v 1.75 2003/04/10 21:53:33 jdolecek Exp $	*/
--- genfs_vnops.c.fcs	Fri Apr 11 23:39:07 2003
+++ genfs_vnops.c	Fri Apr 11 23:47:19 2003
@@ -1181,8 +1181,10 @@
 			pmap_page_protect(pg, VM_PROT_NONE);
 		}
 		if (flags & PGO_CLEANIT) {
+			uvm_lock_pageq();
 			needs_clean = pmap_clear_modify(pg) ||
 			    (pg->flags & PG_CLEAN) == 0;
+			uvm_unlock_pageq();
 			pg->flags |= PG_CLEAN;
 		} else {
 			needs_clean = FALSE;
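
Review bot: pmap_page_protect(pg, VM_PROT_NONE), two lines above the new uvm_lock_pageq(), operates on the same pg through the pmap layer but stays outside the locked region. Please confirm whether it needs the same protection as pmap_clear_modify(); if it does, take the lock before that block. Either way, a short comment above uvm_lock_pageq() stating why the page queues must be locked here would help later readers.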


>How-To-Repeat:
	
>Fix:
	
>Release-Note:
>Audit-Trail:
>Unformatted: