Re: Possible bug in tlb shootdown patch (IA64)

Re: Possible bug in tlb shootdown patch (IA64)

[Ben LaHaise]

On Fri, 25 May 2001, Jack Steiner wrote:

> I posted this to linux-mm@kvack.org but failed to
> send you a copy.
>
> ----
>
> We hit a problem that looks like it is related to the tlb
> shootdown patch.

Thanks for the analysis.  I think the following patch should help...

		-ben


diff -urN v2.4.4-ac17/mm/memory.c wrk/mm/memory.c
--- v2.4.4-ac17/mm/memory.c	Thu May 24 19:45:18 2001
+++ wrk/mm/memory.c	Fri May 25 15:10:16 2001
@@ -285,9 +285,9 @@
 		return 0;
 	}
 	ptep = pte_offset(pmd, address);
-	address &= ~PMD_MASK;
-	if (address + size > PMD_SIZE)
-		size = PMD_SIZE - address;
+	offset = address & ~PMD_MASK;
+	if (offset + size > PMD_SIZE)
+		size = PMD_SIZE - offset;
 	size &= PAGE_MASK;
 	for (offset=0; offset < size; ptep++, offset += PAGE_SIZE) {
 		pte_t pte = *ptep;

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/

Re: Possible bug in tlb shootdown patch (IA64)

[Jack Steiner]

> 
> On Fri, 25 May 2001, Jack Steiner wrote:
> 
> > I posted this to linux-mm@kvack.org but failed to
> > send you a copy.
> >
> > ----
> >
> > We hit a problem that looks like it is related to the tlb
> > shootdown patch.
> 
> Thanks for the analysis.  I think the following patch should help...
> 
> 		-ben
> 
> 
> diff -urN v2.4.4-ac17/mm/memory.c wrk/mm/memory.c
> --- v2.4.4-ac17/mm/memory.c	Thu May 24 19:45:18 2001
> +++ wrk/mm/memory.c	Fri May 25 15:10:16 2001
> @@ -285,9 +285,9 @@
>  		return 0;
>  	}
>  	ptep = pte_offset(pmd, address);
> -	address &= ~PMD_MASK;
> -	if (address + size > PMD_SIZE)
> -		size = PMD_SIZE - address;
> +	offset = address & ~PMD_MASK;
> +	if (offset + size > PMD_SIZE)
> +		size = PMD_SIZE - offset;
>  	size &= PAGE_MASK;
>  	for (offset=0; offset < size; ptep++, offset += PAGE_SIZE) {
>  		pte_t pte = *ptep;
> 

I didnt try the code, but I think there is still a problem.

It looks like the patch addresses only part of the problem. There
is also code in zap_pmd_range that will mask off the upper bits of the
address being flushed. The call to tlb_remove_page() in zap_pte_range()
must pass the entire user virtual address that is being removed.



-- 
Thanks

Jack Steiner    (651-683-5302)   (vnet 233-5302)      steiner@sgi.com

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/

Possible bug in tlb shootdown patch (IA64)

[Jack Steiner]

We hit a problem that looks like it is related to the tlb
shootdown patch. 

We are running on an IA64. The application does frequent
mmap/munmap operations. The initial symptom was that although the 
the application normally ran fine, it would fail intermittently 
when a "ps -efl" was run. The cause of the failure was stale
TLB entries from a prior mmap mapping.

The problem appears to be caused by the following sequence in
the tlb_remove_page/tlb_finish_mmu macros that are called as
part of do_munmap->zap_page_range->zap_pmd_range->zap_pte_range:


	- tlb_gather_mmu is called while "ps" is also looking
	  at the address space (ie., mm->mm_users >1)

	- tlb_remove_page is called. "address" is not the user virtual
	  being unmapped - it is a relative offset into a page table. 
	  This address gets stashed in the free_pte_ctx struct.

	- tlb_finish_mmu calls flush_tlb_range & passes the stashed 
	  address (ctx->start_addr) to flush_tlb_range. Since this
	  is not the user virtual address being unmapped, it causes 
	  the TLB shootdown to fail.

	
Does this make sense and is this a known problem. Perhap I am just running
with an old patch.


-- 
Thanks

Jack Steiner    (651-683-5302)        steiner@sgi.com

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux.eu.org/Linux-MM/