I was playing with the bounce buffer in the fd server some more, and
I started having a new problem: when the fd server exits after a
session when the bounce buffer is NOT used, the kernel panics. It
happens during a long series of sanity checks in pset.c.
I suspect that the assert itself is in error. The logic of the sanity
check is that if a page is valid (PP_V), then it should have a cached
reference on the attach list (this is after all of the references are
freed.) But in the case of the fd server, when the bounce buffer is
allocated, page_wire needs to get a physical address, so it calls
pset_fillslot, but then immediately decrements the reference count
because it's not going to attach it yet. That procedure causes the
page to become valid, but if the page is never actually referenced
by the process, it will never end up with even a cache reference.
This causes the panic "v !atl".
Since the data structures accurately represent the state of the
system (no bad pointers or wrong reference counts, etc.), it seems
to me that this is a false alarm. Andy?
This problem is easy to replicate: write a program that mmaps
a buffer of anonymous memory, wire it and then try to exit. It'll
panic. If you write anything to the buffer before you exit, though,
the panic won't happen.
The original fd server doesn't have this problem, even when it
never uses the bounce buffer. This means that a reference does get
on the attach list. However, it is exactly this condition that
causes mach_page_wire to fail on certain machines (if the page
is above the 16M mark, it requires that the page is not referenced
in order to move it.) This is the problem that I was originally
trying to fix by changing malloc() to mmap().
Received on Wed Jun 2 18:51:38 1999
This archive was generated by hypermail 2.1.8 : Thu Sep 22 2005 - 15:12:56 PDT