[alc at FreeBSD.org: cvs commit: src/sys/vm vm_page.c vm_pageout.c]

Alan Cox alc at cs.rice.edu
Sat Feb 14 03:38:33 PST 2004

On Sat, Feb 14, 2004 at 02:50:46AM -0800, Matthew Dillon wrote:
>     Thanks for the heads-up, Xin.
>     Alan, when I looked into this a bit more deeply I think there is an
>     even more serious problem which still needs to be fixed.  The problem
>     is that the PTE entry on the foreign cpu may be loaded into the 
>     foreign CPU's TLB.  When pmap_remove_all() recurses through removing
>     the pte from the various page tables it calls loadandclear(pte), but
>     this is not sufficient to synchronize TLB on the target cpu.  The
>     TLB invalidate done later is far too late (and, in fact, there is no
>     way an asynch TLB invalidate could ever be used to solve this problem).
> ...

This is correct.  Our shootdown code has a race.  The old Mach pmaps
have a correct implementation and as you conclude it can't be done
entirely asynchronously.  (I imagine that Darwin has it right as
well.)  For an overview, take a look at the algorithm labeled "CMU
Mach" on
http://www.cs.rochester.edu/u/www/courses/456/spring99/lecture/lecture9.html.
(The other algorithms are for NUMA architectures and don't apply to us.)

I expect that I'll address this when I complete the pmap locking.
Nobody else appears to be in a hurry to fix this.  :-)

