Message-Id: <201101222106.p0ML65HY029175@red.freebsd.org>
Date: Sat, 22 Jan 2011 21:06:05 GMT
From: Michael Moll <kvedulv@kvedulv.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: using GELI leads to panic on ARM
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         154227
>Category:       arm
>Synopsis:       [geli] using GELI leads to panic on ARM
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-arm
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jan 22 21:10:08 UTC 2011
>Closed-Date:    
>Last-Modified:  Wed Feb 29 12:50:11 UTC 2012
>Originator:     Michael Moll
>Release:        9-CURRENT
>Organization:
>Environment:
FreeBSD deskstar.kvedulv.de 9.0-CURRENT FreeBSD 9.0-CURRENT #0 r217665: Sat Jan 22 20:15:50 CET 2011     mmoll@emperor.kvedulv.de:/usr/obj/arm.arm/usr/current/src/sys/DESKSTAR  arm

>Description:
When using a drive encrypted with GELI, the following panic is very quickly reproducible:
panic: vm_page_insert: offset already allocated
KDB: enter: panic
[ thread pid 953 tid 100056 ]
Stopped at      kdb_enter+0x48: ldrb    r15, [r15, r15, ror r15]!
db> bt
Tracing pid 953 tid 100056 td 0xc1a988a0
kdb_enter() at kdb_enter+0x14
scp=0xc0a06610 rlv=0xc09dc130 (panic+0xa0)
        rsp=0xc83baca0 rfp=0xc83bacb4
        r5=0xc0bce0b4 r4=0x00000100
panic() at panic+0x1c
scp=0xc09dc0ac rlv=0xc0b56498 (vm_page_insert+0x16c)
        rsp=0xc83bacc8 rfp=0xc83bace8
vm_page_insert() at vm_page_insert+0x10
scp=0xc0b5633c rlv=0xc0b566e8 (vm_page_alloc+0x240)
        rsp=0xc83bacec rfp=0xc83bad14
        r8=0x00001c18 r7=0x00000022
        r6=0x00000002 r5=0xc0d90e2c r4=0x00000000
vm_page_alloc() at vm_page_alloc+0x10
scp=0xc0b564b8 rlv=0xc0b49f5c (kmem_back+0x140)
        rsp=0xc83bad18 rfp=0xc83bad70
        r10=0x00000002 r9=0xc0d8408c
        r8=0x00007000 r7=0x00000022 r6=0x00000000 r5=0x00001c18
        r4=0xc0d90de0
kmem_back() at kmem_back+0x10
scp=0xc0b49e2c rlv=0xc0b4a52c (kmem_malloc+0x1c8)
        rsp=0xc83bad74 rfp=0xc83bada8
        r10=0xc83bad7c r9=0x00000002
        r8=0x0002a000 r7=0xc0d8408c r6=0x0002a000 r5=0xc1b5811c
        r4=0x00000002
kmem_malloc() at kmem_malloc+0x14
scp=0xc0b4a378 rlv=0xc0b433dc (uma_large_malloc+0x4c)
        rsp=0xc83badac rfp=0xc83badd4
        r10=0xc0c400f0 r9=0xc186ac00
        r8=0x00000200 r7=0xc0c59a90 r6=0x0002a000 r5=0xc1b5811c
        r4=0x00000002
uma_large_malloc() at uma_large_malloc+0x10
scp=0xc0b433a0 rlv=0xc09cc4a8 (malloc+0xcc)
        rsp=0xc83badd8 rfp=0xc83badf4
        r7=0x00000002 r6=0xc0c1cf98
        r5=0x00000100 r4=0x0002a000
malloc() at malloc+0x14
scp=0xc09cc3f0 rlv=0xc0987a50 (g_eli_crypto_run+0xbc)
        rsp=0xc83badf8 rfp=0xc83bae50
        r7=0xc1865da0 r6=0xc186ae28
        r5=0x00000100 r4=0xc194bbd0
g_eli_crypto_run() at g_eli_crypto_run+0x10
scp=0xc09879a4 rlv=0xc0980bcc (g_eli_create+0xf98)
        rsp=0xc83bae54 rfp=0xc83bae80
        r10=0xc0c400f0 r9=0xc186ae3c
        r8=0xc186ae14 r7=0xc1865da0 r6=0xc186ae28 r5=0xc186ac00
        r4=0xc194bbd0
g_eli_create() at g_eli_create+0xc18
scp=0xc098084c rlv=0xc09b7e00 (fork_exit+0x64)
        rsp=0xc83bae84 rfp=0xc83baea8
        r10=0xc098083c r9=0xc0c657c0
        r8=0xc1865da0 r7=0xc1a93000 r6=0xc83baeac r5=0xc0c657c0
        r4=0xc1a988a0
fork_exit() at fork_exit+0x10
scp=0xc09b7dac rlv=0xc0b74c90 (fork_trampoline+0x14)
        rsp=0xc83baeac rfp=0x00000000
        r10=0xffffffff r8=0x00000104
        r7=0xc0b67aac r6=0xc83baeac r5=0xc1865da0 r4=0xc098083c
>How-To-Repeat:
dd if=/dev/zero of=/GELImountpoint/whatever always leads to this panic on my machine (Seagate Dockstar).
>Fix:


>Release-Note:
>Audit-Trail:

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: arm/154227: commit references a PR
Date: Wed, 29 Feb 2012 12:44:47 +0000 (UTC)

 Author: cognet
 Date: Wed Feb 29 12:44:34 2012
 New Revision: 232295
 URL: http://svn.freebsd.org/changeset/base/232295
 
 Log:
   Make sure we do not provide the page 0 to the VM. It can't handle it properly,
   because pmap_extract() returns 0 when there's no mapping.
   
   PR:		arm/154227
   MFC after:	1 week
 
 Modified:
   head/sys/arm/mv/mv_machdep.c
   head/sys/arm/xscale/i8134x/crb_machdep.c
 
 Modified: head/sys/arm/mv/mv_machdep.c
 ==============================================================================
 --- head/sys/arm/mv/mv_machdep.c	Wed Feb 29 12:13:05 2012	(r232294)
 +++ head/sys/arm/mv/mv_machdep.c	Wed Feb 29 12:44:34 2012	(r232295)
 @@ -287,9 +287,19 @@ physmap_init(void)
  		    availmem_regions[i].mr_start + availmem_regions[i].mr_size,
  		    availmem_regions[i].mr_size);
  
 -		phys_avail[j] = availmem_regions[i].mr_start;
 -		phys_avail[j + 1] = availmem_regions[i].mr_start +
 -		    availmem_regions[i].mr_size;
 +		/* 
 +		 * We should not map the page at PA 0x0000000, the VM can't
 +		 * handle it, as pmap_extract() == 0 means failure.
 +		 */
 +		if (availmem_regions[i].mr_start > 0 ||
 +		    availmem_regions[i].mr_size > PAGE_SIZE) {
 +			phys_avail[j] = availmem_regions[i].mr_start;
 +			if (phys_avail[j] == 0)
 +				phys_avail[j] += PAGE_SIZE;
 +			phys_avail[j + 1] = availmem_regions[i].mr_start +
 +			    availmem_regions[i].mr_size;
 +		} else
 +			j -= 2;
  	}
  	phys_avail[j] = 0;
  	phys_avail[j + 1] = 0;
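Review bot: The `else j -= 2;` at the end of the added block cancels an increment of `j` that is not part of these lines, so skipping a region only works while the enclosing loop keeps stepping `j` by exactly two per iteration. Advancing `j` only in the branch that writes `phys_avail[j]` and `phys_avail[j + 1]` would make the skip self-contained and keep the terminating `phys_avail[j] = 0` pair correct regardless of the loop header. Two smaller points: if `mr_size` is not guaranteed to be page-aligned, a region starting at 0 that is only slightly larger than PAGE_SIZE passes the `mr_size > PAGE_SIZE` test and leaves an entry shorter than one page after `phys_avail[j] += PAGE_SIZE`; and the new comment writes the address as `0x0000000` (seven digits) and says "map" where the code is withholding the page from `phys_avail`.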
 
 Modified: head/sys/arm/xscale/i8134x/crb_machdep.c
 ==============================================================================
 --- head/sys/arm/xscale/i8134x/crb_machdep.c	Wed Feb 29 12:13:05 2012	(r232294)
 +++ head/sys/arm/xscale/i8134x/crb_machdep.c	Wed Feb 29 12:44:34 2012	(r232295)
 @@ -381,8 +381,8 @@ initarm(void *arg, void *arg2)
  	
  	i = 0;
  #ifdef ARM_USE_SMALL_ALLOC
 -	phys_avail[i++] = 0x00000000;
 -	phys_avail[i++] = 0x00001000; 	/*
 +	phys_avail[i++] = 0x00001000;
 +	phys_avail[i++] = 0x00002000; 	/*
  					 *XXX: Gross hack to get our
  					 * pages in the vm_page_array
  					 . */
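Review bot: The replacement values `0x00001000` and `0x00002000` in the `ARM_USE_SMALL_ALLOC` block are bare constants, and the surviving "Gross hack to get our pages in the vm_page_array" comment does not say that page 0 is now skipped on purpose. If the range is meant to be exactly the second page, writing it with PAGE_SIZE as the mv_machdep.c hunk does, and repeating the rationale given there (`pmap_extract() == 0 means failure`), would keep a later cleanup from moving the range back to 0. The lines shown also do not establish that the physical page at 0x1000 is free to hand to the VM on this board, which is worth stating in a comment.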
 
>Unformatted:
