From nobody@FreeBSD.org  Thu Nov  5 13:57:47 2009
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A7DB8106568D
	for <freebsd-gnats-submit@FreeBSD.org>; Thu,  5 Nov 2009 13:57:47 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 61D788FC19
	for <freebsd-gnats-submit@FreeBSD.org>; Thu,  5 Nov 2009 13:57:47 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id nA5DvldG035075
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 5 Nov 2009 13:57:47 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id nA5Dvk7U035074;
	Thu, 5 Nov 2009 13:57:46 GMT
	(envelope-from nobody)
Message-Id: <200911051357.nA5Dvk7U035074@www.freebsd.org>
Date: Thu, 5 Nov 2009 13:57:46 GMT
From: Mister Olli <mister.olli@googlemail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: FreeBSD8 RC2 as PV domU crashes during configure of security/libgcrypt
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         140313
>Category:       kern
>Synopsis:       [xen] [panic] FreeBSD8 RC2 as PV domU crashes during configure of security/libgcrypt
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-xen
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 05 14:00:11 UTC 2009
>Closed-Date:    Thu Jan 06 23:02:49 UTC 2011
>Last-Modified:  Thu Jan 06 23:02:49 UTC 2011
>Originator:     Mister Olli
>Release:        FreeBSD8 - RC2 (SVN release 198456)
>Organization:
>Environment:
webserver# uname -a
FreeBSD webserver.studi-planet.com 8.0-RC2 FreeBSD 8.0-RC2 #0: Wed Oct 28 18:14:36 CET 2009     root@webserver.studi-planet.com:/usr/obj/usr/src/sys/XEN  i386

>Description:
During 'configure' of the security/libgcrypt port FreeBSD8-RC2 crashes at step:

checking whether mlock is broken...

The following backtrace can be obtained:

panic: mutex vm page queue mutex not owned at
/usr/src/sys/i386/xen/xen_machdep.c:409
cpuid = 0 
KDB: enter: panic
[thread pid 6888 tid 100077 ]
Stopped at      kdb_enter+0x3a: movl    $0,kdb_why
db> bt
Tracing pid 6888 tid 100077 td 0xc3721000
kdb_enter(c035dfc4,c035dfc4,c035c6b5,e424cae0,0,...) at kdb_enter+0x3a
panic(c035c6b5,c03640dc,c0389109,199,e424cb14,...) at panic+0x136
_mtx_assert(c054be44,4,c0389109,199,0,...) at _mtx_assert+0x87
_xen_queue_pt_update(d9e3d320,0,d79fe000,0,c038a789,...) at
_xen_queue_pt_update+0x4c
pmap_extract(c330c54c,28202000,4,c035c73d,c330c54c,...) at pmap_extract+0x251
vm_fault_unwire(c330c49c,28202000,28203000,0,0,...) at vm_fault_unwire+0x32
vm_map_delete(c330c49c,1000,bf800000,1,c330c49c,...) at vm_map_delete+0x16f
vm_map_remove(c330c49c,1000,bf800000,0,c63f27f8,...) at vm_map_remove+0x51
vmspace_exit(c3721000,0,c0359252,12d,e424cc90,...) at vmspace_exit+0xbf
exit1(c3721000,0,e424cd3c,c03346b3,c3721000,...) at exit1+0x5db
sys_exit(c3721000,e424cd08,4,c03647d8,c039ca7c,...) at sys_exit+0x1d
syscall(e424cd48) at syscall+0x2a3
Xint0x80_syscall() at Xint0x80_syscall+0x22
--- syscall (1, FreeBSD ELF32, sys_exit), eip = 0x281000af, esp = 0xbf7fe7ac,
ebp = 0xbf7fe7b8 --- 


>How-To-Repeat:
cd /usr/ports/security/libgcrypt
make
>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-xen 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Thu Nov 5 14:23:16 UTC 2009 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=140313 

From: Colin Percival <cperciva@freebsd.org>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/140313: [xen] [panic] FreeBSD8 RC2 as PV domU crashes during
 configure of security/libgcrypt
Date: Sun, 28 Nov 2010 07:48:31 -0800

 Note for the audit trail: Also reported as kern/145664.
 
 -- 
 Colin Percival
 Security Officer, FreeBSD | freebsd.org | The power to serve
 Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid

From: Colin Percival <cperciva@freebsd.org>
To: bug-followup@FreeBSD.org, mister.olli@googlemail.com
Cc:  
Subject: Re: kern/140313: [xen] [panic] FreeBSD8 RC2 as PV domU crashes during
 configure of security/libgcrypt
Date: Sat, 25 Dec 2010 02:06:45 -0800

 Test case:
 
 #include <sys/mman.h>
 int main()
 {
         int i;
         mlock(&i, 4);
         return (0);
 }
 
 This appears to have been partially fixed by SVN r204160, but pmap_pte_release
 needs to be updated the same way as pmap_pte.  I'll commit this once I've had
 a chance to test further.
 
 -- 
 Colin Percival
 Security Officer, FreeBSD | freebsd.org | The power to serve
 Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid
State-Changed-From-To: open->patched 
State-Changed-By: cperciva 
State-Changed-When: Sun Dec 26 13:09:25 UTC 2010 
State-Changed-Why:  
Fixed in HEAD. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=140313 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/140313: commit references a PR
Date: Sun, 26 Dec 2010 13:05:48 +0000 (UTC)

 Author: cperciva
 Date: Sun Dec 26 13:05:43 2010
 New Revision: 216703
 URL: http://svn.freebsd.org/changeset/base/216703
 
 Log:
   Lock the vm page queue mutex in pmap_pte_release around the call
   to PMAP_SET_VA; this fixes a mutex-not-held panic when a process
   which called mlock(2) exits, and parallels a change made in
   pmap_pte 10 months ago (svn r204160).
   
   Note: The locking in this code is utterly broken.  We should not
   be using the VM page queue mutex to protect the queue of pending
   Xen page mapping hypervisor calls.  Even if it made sense to do
   so, this commit and r204160 introduce LORs between the vm page
   queue mutex and PMAP2mutex.
   
   (However, a possible deadlock is better than a guaranteed panic,
   and this change will hopefully make life easier for whoever fixes
   the Xen pmap locking in the future.)
   
   PR:		kern/140313
   MFC after:	3 days
 
 Modified:
   head/sys/i386/xen/pmap.c
 
 Modified: head/sys/i386/xen/pmap.c
 ==============================================================================
 --- head/sys/i386/xen/pmap.c	Sun Dec 26 01:42:52 2010	(r216702)
 +++ head/sys/i386/xen/pmap.c	Sun Dec 26 13:05:43 2010	(r216703)
 @@ -1015,7 +1015,9 @@ pmap_pte_release(pt_entry_t *pte)
  	if ((pt_entry_t *)((vm_offset_t)pte & ~PAGE_MASK) == PADDR2) {
  		CTR1(KTR_PMAP, "pmap_pte_release: pte=0x%jx",
  		    *PMAP2);
 +		vm_page_lock_queues();
  		PT_SET_VA(PMAP2, 0, TRUE);
 +		vm_page_unlock_queues();
  		mtx_unlock(&PMAP2mutex);
  	}
  }
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/140313: commit references a PR
Date: Thu,  6 Jan 2011 22:52:59 +0000 (UTC)

 Author: cperciva
 Date: Thu Jan  6 22:52:52 2011
 New Revision: 217080
 URL: http://svn.freebsd.org/changeset/base/217080
 
 Log:
   MFS r217051: Fix panic when mlock(2) is used on i386/XEN.
   
   PR:		kern/140313
   Approved by:	re (rwatson)
 
 Modified:
   releng/8.2/sys/i386/xen/pmap.c
 Directory Properties:
   releng/8.2/sys/   (props changed)
   releng/8.2/sys/amd64/include/xen/   (props changed)
   releng/8.2/sys/cddl/contrib/opensolaris/   (props changed)
   releng/8.2/sys/contrib/dev/acpica/   (props changed)
   releng/8.2/sys/contrib/pf/   (props changed)
 
 Modified: releng/8.2/sys/i386/xen/pmap.c
 ==============================================================================
 --- releng/8.2/sys/i386/xen/pmap.c	Thu Jan  6 22:26:00 2011	(r217079)
 +++ releng/8.2/sys/i386/xen/pmap.c	Thu Jan  6 22:52:52 2011	(r217080)
 @@ -1070,7 +1070,9 @@ pmap_pte_release(pt_entry_t *pte)
  	if ((pt_entry_t *)((vm_offset_t)pte & ~PAGE_MASK) == PADDR2) {
  		CTR1(KTR_PMAP, "pmap_pte_release: pte=0x%jx",
  		    *PMAP2);
 +		vm_page_lock_queues();
  		PT_SET_VA(PMAP2, 0, TRUE);
 +		vm_page_unlock_queues();
  		mtx_unlock(&PMAP2mutex);
  	}
  }
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: cperciva 
State-Changed-When: Thu Jan 6 23:02:19 UTC 2011 
State-Changed-Why:  
Fixed in HEAD, 8-STABLE, and 8.2-RC2. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=140313 
>Unformatted:
