Subject: kern/25639: uvm_vslock / uvm_vsunlock problems
To: None <gnats-bugs@gnats.netbsd.org>
From: None <yamt@mwd.biglobe.ne.jp>
List: netbsd-bugs
Date: 05/19/2004 22:45:59
>Number:         25639
>Category:       kern
>Synopsis:       uvm_vslock / uvm_vsunlock problems
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed May 19 13:47:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
>Release:        NetBSD 2.0E
>Organization:

>Environment:
	
	
System: NetBSD kaeru 2.0E NetBSD 2.0E (build.kaeru) #1310: Wed May 19 21:29:48 JST 2004 takashi@kaeru:/usr/home/takashi/work/kernel/build.kaeru i386
Architecture: i386
Machine: i386
>Description:
	from Stephan Uphoff.
	(http://mail-index.NetBSD.org/tech-kern/2003/07/10/0013.html)

> Problem 1:
> -----------
> uvm_vslock assumes that once a page is wired - it will stay wired until
> uvm_vsunlock (potentially) unwires it.
> This is not true for mmaped file pages when the file is truncated.
> (All managed mappings are released - page is freed)
> 
> Problem 2:
> ----------
> The uvm_vslock() / uvm_vsunlock() pair assumes only one thread 
> of control per address space.
> Because of clone(2) or scheduler activations (lwps) this is no longer always
> true.
> 
> Problem 3:
> ----------
> uvm_vslock indirectly calls uvm_fault.
> If uvm_fault is called without a VM_PROT_WRITE 
> bit in accesstype to wire a loaned page it will not
> break the loan.
> This can cause the buffer created by physio to eventually map to the
> wrong pages and could break a KASSERT in uvm_pagefree.
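
	A userspace analogue of Problem 1, added here as an illustration; it is
	not part of the PR and not NetBSD kernel code. The kernel-side wiring
	done by uvm_vslock() cannot be exercised from userspace, so the example
	stands in for it with mlock(2): it pins one page of a MAP_SHARED file
	mapping, truncates the backing file, and then touches the page again.
	The function name truncate_drops_pinned_page() is made up for this
	example, the /tmp path is assumed writable, and the expected outcome
	assumes Linux semantics, where mmap(2) documents that touching a
	file-backed page beyond the end of file raises SIGBUS. The point it
	shows is the one the report rests on: truncation tears down the
	managed mappings regardless of who believes the page is pinned.

```c
/* Userspace analogue of Problem 1 above. Added example, not NetBSD or
 * the PR's own code; it models kernel page wiring with mlock(2) and
 * assumes Linux semantics, where mmap(2) documents that touching a
 * file-backed page beyond the (new) end of file raises SIGBUS. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_jb;

static void on_fault(int sig)
{
    (void)sig;
    siglongjmp(fault_jb, 1);   /* sigsetjmp(..., 1) also restores the mask */
}

/* Pin one page of a MAP_SHARED file mapping, truncate the file, then
 * touch the page again.  Returns 1 if the access faulted (the mapping
 * was torn down despite the pin, i.e. the "stays wired" assumption
 * fails), 0 if the old page was still reachable, -1 on setup failure. */
int truncate_drops_pinned_page(void)
{
    char path[] = "/tmp/vslock-demo-XXXXXX";   /* assumed writable tmp dir */
    long pg = sysconf(_SC_PAGESIZE);
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);                               /* keep only the open fd */
    if (ftruncate(fd, pg) < 0) {
        close(fd);
        return -1;
    }

    char *p = mmap(NULL, (size_t)pg, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (p == MAP_FAILED) {
        close(fd);
        return -1;
    }
    memset(p, 'A', (size_t)pg);                 /* fault the page in */

    /* The userspace stand-in for uvm_vslock(): pin the page.  If the
     * RLIMIT_MEMLOCK of the sandbox forbids it we still proceed, since
     * the truncate path below does not consult the pin either way. */
    if (mlock(p, (size_t)pg) < 0)
        perror("mlock (continuing unpinned)");

    struct sigaction sa, old_bus, old_segv;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGBUS, &sa, &old_bus);
    sigaction(SIGSEGV, &sa, &old_segv);         /* some kernels use SEGV */

    volatile int result = -1;
    if (ftruncate(fd, 0) == 0) {                /* managed mappings torn down here */
        if (sigsetjmp(fault_jb, 1) == 0) {
            volatile char c = p[0];             /* page is gone: this faults */
            (void)c;
            result = 0;
        } else {
            result = 1;
        }
    }

    sigaction(SIGBUS, &old_bus, NULL);
    sigaction(SIGSEGV, &old_segv, NULL);
    munmap(p, (size_t)pg);
    close(fd);
    return result;
}

int main(void)
{
    int r = truncate_drops_pinned_page();
    if (r == 1)
        puts("access after truncate faulted: the pinned page did not stay mapped");
    else if (r == 0)
        puts("old page still reachable (unexpected on Linux)");
    else
        puts("setup failed");
    return r == 1 ? 0 : 1;
}
```

	In the kernel the same tear-down happens underneath a caller that
	wired the page through uvm_vslock(); nothing in the truncate path
	consults the wiring, which is why the later uvm_vsunlock() and the
	physio buffer can end up referring to a page that has already been
	freed or reused.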

>How-To-Repeat:
>Fix:

> Solutions:
> ----------
> sys___sysctl can probably use a kernel buffer for the (hopefully few) 
> occasions
> where copying is not allowed to block. (And copyout from the kernel buffer
> when it is safe to do so)
> ( I assume this is the reason for the wiring but was too lazy to verify ) 
> 
> The uvm_fault problem (3) could be fixed by always breaking loans on wire 
> faults.
> 
> I believe due to the first two problems physio can not be made to work 
> correctly without resorting to mechanisms closely related to page loaning. 
> (or the use of bounce buffers :-)
> Unfortunately this will need a major effort.
>Release-Note:
>Audit-Trail:
>Unformatted: