i386 wire_count panic finally tracked down
Matthew Dillon
dillon at apollo.backplane.com
Wed Sep 26 10:08:26 PDT 2012
I may have finally tracked down the i386 wire_count panic. I noticed
that the pmap pointer in the last pkgbox32 crash dump doesn't seem to
be to any process's active pmap, meaning that it is related to a process
which had exited.

It appears to be a race against a pmap structure being dtor'd after
a process exit and a vm_page_protect() call on a vm_page. In this
situation page table pages can be removed from the pmap's VM object
unconditionally without vm_token being held, racing against a
vm_page_protect() occurring at the same time.

I will commit a likely fix in the next hour.

x86-64 does not seem to be vulnerable to this particular issue but I
am reviewing the code.
-Matt