On Fri, Jan 1, 2021 at 5:46 AM Michal Meloun <[email protected]> wrote:
>
>
>
> On 31.12.2020 22:03, Ryan Libby wrote:
> > The branch main has been updated by rlibby:
> >
> > URL:
> > https://cgit.FreeBSD.org/src/commit/?id=942951ba46ecd5ebab18de006a24dc52e2d3f745
> >
> > commit 942951ba46ecd5ebab18de006a24dc52e2d3f745
> > Author: Ryan Libby <[email protected]>
> > AuthorDate: 2020-12-31 21:02:45 +0000
> > Commit: Ryan Libby <[email protected]>
> > CommitDate: 2020-12-31 21:02:45 +0000
> >
> > uma dbg: catch more corruption with atomics
> >
> > Use atomic testandset and testandclear to catch concurrent double free,
> > and to reduce the number of atomic operations.
> >
> > Submitted by: jeff
> > Reviewed by: cem, kib, markj (all previous version)
> > Sponsored by: Dell EMC Isilon
> > Differential Revision: https://reviews.freebsd.org/D22703
> Unfortunately, this broke arm and arm64 kernel with random
> 'duplicate alloc'/'duplicate free' panics.
>
> Michal
>
Thanks for the report. It's probably going to be several hours before I
can dig into this properly. A GENERIC-NODEBUG kernel should avoid the
problem.
>From a quick scan of source, it looks to me like arm64's
atomic_testand{set,clear}_64 are broken because of a wrong mask value
under _ATOMIC_TEST_OP_IMPL(64, ...).
If you would like to test a patch, you could try the one attached
(only compile tested on my end).
Ryan
> > ---
> > sys/vm/uma_core.c | 9 ++++-----
> > 1 file changed, 4 insertions(+), 5 deletions(-)
> >
> > diff --git a/sys/vm/uma_core.c b/sys/vm/uma_core.c
> > index a0192642205d..39c846effac8 100644
> > --- a/sys/vm/uma_core.c
> > +++ b/sys/vm/uma_core.c
> > @@ -5392,10 +5392,10 @@ uma_dbg_alloc(uma_zone_t zone, uma_slab_t slab,
> > void *item)
> > keg = zone->uz_keg;
> > freei = slab_item_index(slab, keg, item);
> >
> > - if (BIT_ISSET(keg->uk_ipers, freei, slab_dbg_bits(slab, keg)))
> > + if (BIT_TEST_SET_ATOMIC(keg->uk_ipers, freei,
> > + slab_dbg_bits(slab, keg)))
> > panic("Duplicate alloc of %p from zone %p(%s) slab %p(%d)",
> > item, zone, zone->uz_name, slab, freei);
> > - BIT_SET_ATOMIC(keg->uk_ipers, freei, slab_dbg_bits(slab, keg));
> > }
> >
> > /*
> > @@ -5426,11 +5426,10 @@ uma_dbg_free(uma_zone_t zone, uma_slab_t slab, void
> > *item)
> > panic("Unaligned free of %p from zone %p(%s) slab %p(%d)",
> > item, zone, zone->uz_name, slab, freei);
> >
> > - if (!BIT_ISSET(keg->uk_ipers, freei, slab_dbg_bits(slab, keg)))
> > + if (!BIT_TEST_CLR_ATOMIC(keg->uk_ipers, freei,
> > + slab_dbg_bits(slab, keg)))
> > panic("Duplicate free of %p from zone %p(%s) slab %p(%d)",
> > item, zone, zone->uz_name, slab, freei);
> > -
> > - BIT_CLR_ATOMIC(keg->uk_ipers, freei, slab_dbg_bits(slab, keg));
> > }
> > #endif /* INVARIANTS */
> >
> >
From 4fb1d412636bf6fe59d0457e7dd17da5e59ce55f Mon Sep 17 00:00:00 2001
From: Ryan Libby <[email protected]>
Date: Fri, 1 Jan 2021 10:43:03 -0800
Subject: [PATCH] arm64: fix mask in atomic_test 64 ops
These macros generate both the 32 and 64-bit ops but the mask was hard
coded for 32-bit ops.
---
sys/arm64/include/atomic.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sys/arm64/include/atomic.h b/sys/arm64/include/atomic.h
index 99dd73d4f85f..9c5d6224f3e2 100644
--- a/sys/arm64/include/atomic.h
+++ b/sys/arm64/include/atomic.h
@@ -409,7 +409,7 @@ _ATOMIC_TEST_OP_PROTO(t, op, _llsc) \
uint##t##_t mask, old, tmp; \
int res; \
\
- mask = 1u << (val & 0x1f); \
+ mask = ((uint##t##_t)1) << (val & (t - 1)); \
__asm __volatile( \
"1: ldxr %"#w"2, [%3]\n" \
" "#llsc_asm_op" %"#w"0, %"#w"2, %"#w"4\n" \
@@ -427,7 +427,7 @@ _ATOMIC_TEST_OP_PROTO(t, op, _lse) \
{ \
uint##t##_t mask, old; \
\
- mask = 1u << (val & 0x1f); \
+ mask = ((uint##t##_t)1) << (val & (t - 1)); \
__asm __volatile( \
".arch_extension lse\n" \
"ld"#lse_asm_op" %"#w"2, %"#w"0, [%1]\n" \
--
2.30.0
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all
To unsubscribe, send any mail to "[email protected]"
