Please sign in to comment.
kernel - Fix i386 wire_count panics
* Tracked down to a situation where a pmap structure is being dtor'd by the objcache simultaniously with a vm_page_protect() operation on a page table page's vm_page_t. (1) vm_page_protect() begins running, finds page table page to remove, removes the related pv_entry, but then gets stuck waiting for the pmap->pm_pteobj (vm_object token). (2) Exit on another thread simultaniously removes all remaining VM pages from the pmap. However, due to #(1), there is still an active page table page in pmap->pm_pteobj that the exit code has no visibility to. (3) The related pmap is then dtor'd due to heavy fork/exec/exit load on the system. The VM page is still present, vm_page_protect() is still stuck on the token (or hasn't gotten cpu back). (4) Nominal vm_object_terminate() destroys the page table page. (5) vm_page_protect() unblocks and tries to destroy the page. (6) BOOM. * This fix places a barrier between the normal process exit code and the dtor which will block while a vm_page_protect() is active on the pmap. * This time for sure, but if not we still know that the problem is related to this exit race.
- Loading branch information...
Showing with 60 additions and 23 deletions.