From dillon@backplane.com  Sat Sep 14 12:26:19 1996
Received: from apollo.backplane.com (apollo.backplane.com [204.156.134.254])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id MAA03013
          for <FreeBSD-gnats-submit@freebsd.org>; Sat, 14 Sep 1996 12:26:17 -0700 (PDT)
Received: (dillon@localhost) by apollo.backplane.com (8.7.5/8.6.5) id MAA25882; Sat, 14 Sep 1996 12:26:11 -0700 (PDT)
Message-Id: <199609141926.MAA25882@apollo.backplane.com>
Date: Sat, 14 Sep 1996 12:26:11 -0700 (PDT)
From: dillon@backplane.com
Reply-To: dillon@backplane.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: mmap() of unassociated memory + mlock() can == kernel panic
X-Send-Pr-Version: 3.2

>Number:         1610
>Category:       kern
>Synopsis:       mmap() of unassociated memory + mlock() can == kernel panic
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    dyson
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Sep 14 12:30:00 PDT 1996
>Closed-Date:    Sat May 23 02:26:10 PDT 1998
>Last-Modified:  Sat May 23 02:26:18 PDT 1998
>Originator:     Matthew Dillon
>Release:        FreeBSD 2.1-STABLE i386
>Organization:
self
>Environment:

	Pentium class machine, 64 MBytes of ram, Adaptec PCI SCSI

>Description:

	If I use mmap() to map a large (16 or 32 MBytes) amount of
	unassociated memory, then use mlock() to lock it, touching
	the memory will result in a kernel panic... something about
	a page directory missing (sorry, don't have the exact error).

	However, if I touch the memory BEFORE locking it, I can then
	lock the memory and use it normally.

	I believe the problem may be due to mmap() mapping the pages
	as zero-fill.  When you allocate more than one segment's worth
	of memory, the page table sharing is probably generating
	a condition that the system cannot handle when the memory
	is touched for the first time AFTER being locked.

>How-To-Repeat:

	mmap a large shared read-write area, unassociated with any file,
	that is larger than or equal to 16 MBytes on an unloaded
	machine.

	do not touch the allocated memory yet.

	lock the entire memory (make sure your resource limits are set
	such that it allows you to lock the entire area).

	write to a random page or pages in the memory area.  The kernel
	will panic with a missing page directory fault or something
	similar.

>Fix:
	
	

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->dyson 
Responsible-Changed-By: wosch 
Responsible-Changed-When: Sun Sep 15 07:00:50 PDT 1996 
Responsible-Changed-Why:  
John is Mr. mmap 
State-Changed-From-To: open->closed 
State-Changed-By: phk 
State-Changed-When: Sat May 23 02:26:10 PDT 1998 
State-Changed-Why:  

As part of our PR auditing campaign, this PR has been closed due to its 
age and lack of activity on the PR.   

There is a good chance that the problem reported has been solved  
as part of other activities. 

If this is not the case, please reopen this PR with fresh information 
on the manifestation of the bug. 

Sorry about the late reaction to this PR. 
>Unformatted:
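
Added example, not part of the original problem report: a small C regression test for the How-To-Repeat sequence (map anonymous shared memory, lock it before any access, then write to scattered pages). The function name, return codes and the 0xA5 marker are assumptions of this example; a denied mlock() is reported separately so that a low RLIMIT_MEMLOCK is not mistaken for a pass.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANON
#define MAP_ANON MAP_ANONYMOUS
#endif

enum { LT_OK, LT_MAP_FAILED, LT_LOCK_DENIED, LT_BAD_DATA };

/* Map len bytes of anonymous shared memory, lock it BEFORE the first touch,
 * then write to scattered pages and read each write back. */
int lock_then_touch(size_t len)
{
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_ANON | MAP_SHARED, -1, 0);
    if (p == MAP_FAILED)
        return LT_MAP_FAILED;
    if (mlock(p, len) != 0) {            /* usually RLIMIT_MEMLOCK too low */
        munmap(p, len);
        return LT_LOCK_DENIED;
    }
    int rc = LT_OK;
    size_t npages = (len + pagesz - 1) / pagesz;
    unsigned long seed = 1610;           /* fixed seed: repeatable page order */
    for (size_t i = 0; i < npages && rc == LT_OK; i++) {
        seed = seed * 1103515245UL + 12345UL;
        size_t off = ((seed >> 16) % npages) * pagesz;
        if (p[off] != 0 && p[off] != 0xA5)   /* zero-fill or our own mark */
            rc = LT_BAD_DATA;
        p[off] = 0xA5;                   /* first write into a locked page */
        if (p[off] != 0xA5)
            rc = LT_BAD_DATA;
    }
    munlock(p, len);
    munmap(p, len);
    return rc;
}

int main(void)
{
    static const char *msg[] = { "ok", "mmap failed", "mlock denied", "bad data" };
    int rc = lock_then_touch(16UL * 1024 * 1024);   /* 16 MB, as in the report */
    printf("lock-then-touch 16 MB: %s\n", msg[rc]);
    return rc;
}
```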
