Sun May 23 19:13:27 2021 UTC ()
Fix a bug in pmap_tlb_shootdown_all_user(), where it was not
stashing away the pointer to the pmap in the TLB context structure
like pmap_tlb_shootdown() was doing.  This would result in the
following failure scenario:

- Page fault handler calls pmap_enter() to map a page.  Mapping
  is the first one for that L2 PT L3 PT, meaning that an L2 PT
  and an L3 PT must be allocated.
- L2 PT allocation succeeds.
- L3 PT allocation fails under memory pressure.
- pmap_enter() goes to drop the reference on the L2 PT, which, because
  it was the first of its mappings, frees the L2 PT.  Becuse PALcode
  may have already tried to service a TLB miss though that L2 PT, we
  must issue an all-user-VA shootdown, and call pmap_tlb_shootdown_all_user()
  to do so.
- pmap_tlb_shootnow() is called and an assert fires because the TLB
  context structure does not point to a pmap.

This did not fail in the pmap_remove() scenario because the TLB context
would have already had at least one call to pmap_tlb_shootdown(), which
was initializing the pmap pointer properly.

PR port-alpha/56200


(thorpej)
diff -r1.276 -r1.277 src/sys/arch/alpha/alpha/pmap.c
cvs diff -r1.276 -r1.277 src/sys/arch/alpha/alpha/pmap.c (expand / switch to unified diff)

--- src/sys/arch/alpha/alpha/pmap.c 2021/04/03 15:29:02 1.276
+++ src/sys/arch/alpha/alpha/pmap.c 2021/05/23 19:13:27 1.277
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: pmap.c,v 1.276 2021/04/03 15:29:02 thorpej Exp $ */ 1/* $NetBSD: pmap.c,v 1.277 2021/05/23 19:13:27 thorpej Exp $ */
2 2
3/*- 3/*-
4 * Copyright (c) 1998, 1999, 2000, 2001, 2007, 2008, 2020 4 * Copyright (c) 1998, 1999, 2000, 2001, 2007, 2008, 2020
5 * The NetBSD Foundation, Inc. 5 * The NetBSD Foundation, Inc.
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * This code is derived from software contributed to The NetBSD Foundation 8 * This code is derived from software contributed to The NetBSD Foundation
9 * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility, 9 * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility,
10 * NASA Ames Research Center, by Andrew Doran and Mindaugas Rasiukevicius, 10 * NASA Ames Research Center, by Andrew Doran and Mindaugas Rasiukevicius,
11 * and by Chris G. Demetriou. 11 * and by Chris G. Demetriou.
12 * 12 *
13 * Redistribution and use in source and binary forms, with or without 13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions 14 * modification, are permitted provided that the following conditions
@@ -125,27 +125,27 @@ @@ -125,27 +125,27 @@
125 * this module may delay invalidate or reduced protection 125 * this module may delay invalidate or reduced protection
126 * operations until such time as they are actually 126 * operations until such time as they are actually
127 * necessary. This module is given full information as 127 * necessary. This module is given full information as
128 * to which processors are currently using which maps, 128 * to which processors are currently using which maps,
129 * and to when physical maps must be made correct. 129 * and to when physical maps must be made correct.
130 */ 130 */
131 131
132#include "opt_lockdebug.h" 132#include "opt_lockdebug.h"
133#include "opt_sysv.h" 133#include "opt_sysv.h"
134#include "opt_multiprocessor.h" 134#include "opt_multiprocessor.h"
135 135
136#include <sys/cdefs.h> /* RCS ID & Copyright macro defns */ 136#include <sys/cdefs.h> /* RCS ID & Copyright macro defns */
137 137
138__KERNEL_RCSID(0, "$NetBSD: pmap.c,v 1.276 2021/04/03 15:29:02 thorpej Exp $"); 138__KERNEL_RCSID(0, "$NetBSD: pmap.c,v 1.277 2021/05/23 19:13:27 thorpej Exp $");
139 139
140#include <sys/param.h> 140#include <sys/param.h>
141#include <sys/systm.h> 141#include <sys/systm.h>
142#include <sys/kernel.h> 142#include <sys/kernel.h>
143#include <sys/proc.h> 143#include <sys/proc.h>
144#include <sys/malloc.h> 144#include <sys/malloc.h>
145#include <sys/pool.h> 145#include <sys/pool.h>
146#include <sys/buf.h> 146#include <sys/buf.h>
147#include <sys/evcnt.h> 147#include <sys/evcnt.h>
148#include <sys/atomic.h> 148#include <sys/atomic.h>
149#include <sys/cpu.h> 149#include <sys/cpu.h>
150 150
151#include <uvm/uvm.h> 151#include <uvm/uvm.h>
@@ -733,26 +733,29 @@ static void @@ -733,26 +733,29 @@ static void
733pmap_tlb_shootdown_all_user(pmap_t const pmap, pt_entry_t const pte_bits, 733pmap_tlb_shootdown_all_user(pmap_t const pmap, pt_entry_t const pte_bits,
734 struct pmap_tlb_context * const tlbctx) 734 struct pmap_tlb_context * const tlbctx)
735{ 735{
736 KASSERT(pmap != pmap_kernel()); 736 KASSERT(pmap != pmap_kernel());
737 737
738 TLB_COUNT(shootdown_all_user); 738 TLB_COUNT(shootdown_all_user);
739 739
740 /* Note if an I-stream sync is also needed. */ 740 /* Note if an I-stream sync is also needed. */
741 if (pte_bits & PG_EXEC) { 741 if (pte_bits & PG_EXEC) {
742 TLB_COUNT(shootdown_all_user_imb); 742 TLB_COUNT(shootdown_all_user_imb);
743 TLB_CTX_SET_FLAG(tlbctx, TLB_CTX_F_IMB); 743 TLB_CTX_SET_FLAG(tlbctx, TLB_CTX_F_IMB);
744 } 744 }
745 745
 746 KASSERT(tlbctx->t_pmap == NULL || tlbctx->t_pmap == pmap);
 747 tlbctx->t_pmap = pmap;
 748
746 TLB_CTX_SET_ALLVA(tlbctx); 749 TLB_CTX_SET_ALLVA(tlbctx);
747} 750}
748 751
749static void 752static void
750pmap_tlb_shootdown_pv(const pv_entry_t pv, pt_entry_t const pte_bits, 753pmap_tlb_shootdown_pv(const pv_entry_t pv, pt_entry_t const pte_bits,
751 struct pmap_tlb_context * const tlbctx) 754 struct pmap_tlb_context * const tlbctx)
752{ 755{
753 uintptr_t flags = TLB_CTX_F_PV; 756 uintptr_t flags = TLB_CTX_F_PV;
754 757
755 TLB_COUNT(shootdown_pv); 758 TLB_COUNT(shootdown_pv);
756 759
757 if (tlbctx->t_pmap == NULL || tlbctx->t_pmap == pv->pv_pmap) { 760 if (tlbctx->t_pmap == NULL || tlbctx->t_pmap == pv->pv_pmap) {
758 if (tlbctx->t_pmap == NULL) { 761 if (tlbctx->t_pmap == NULL) {