Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: Notesfiles $Revision: 1.6.2.17 $; site uok.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!mhuxj!ihnp4!inuxc!pur-ee!uiucdcs!uok!ps
From: ps@uok.UUCP
Newsgroups: net.bugs.2bsd
Subject: Serious mapping problem with 2.9
Message-ID: <18300002@uok.UUCP>
Date: Tue, 23-Oct-84 19:41:00 EDT
Article-I.D.: uok.18300002
Posted: Tue Oct 23 19:41:00 1984
Date-Received: Fri, 26-Oct-84 02:50:25 EDT
Lines: 77
Nf-ID: #N:uok:18300002:000:2371
Nf-From: uok!ps    Oct 23 18:41:00 1984


Subject: panic: trap type 11
Index:	/usr/include/sys/seg.h 2.9bsd

Description:
	The system crashes with a 'panic: trap type 11'.  This is
	quite possible on a system compiled with NOKA5 undefined
	and data extending up into the fifth segment. (> 40K data+bss)
	The machine may also just stop without saying very much (anything?)
	if you get two segmentation violations in a short period of time.
	In this last case, the machine will not even reboot itself because
	it is spinning in trap().

Repeat-By:
	Hard to repeat on demand.  This problem seems to be timing
	dependant.  A possible scenario is:

		buffer gets mapped in:
			*KDSD5 = (BSIZE << 2) | RW
			*KDSA5 = click address in buffer pool
			... (copying buffer)
		clock interrupts: 
			map[0].se_addr = *KDSA5;
			map[0].se_desc = *KDSD5;
			*KDSD5 = seg5.se_desc;
			*KDSA5 = seg5.se_addr;
			... (handle 1 second clock processing)
			...	((++lbolt >= hz) && BASEPRI(ps)) is true
			...	drop the priority to spl1().
			... finish processing, start the restormap stuff
			*KDSD5 = map[0].se_desc;
		disk interrupts:
			calls wakeup to notify process of completion of I/O
			no Savemap() done because *KDSA5 == seg5.se_addr
			and KDSD5 is not checked.
				(notice, KDSD5 wrong, KDSA5 correct)
			wakeup tries to reference something beyond the size
			of a buffer in the fifth segment,
				segmentation violation!

Fix:
	The solution appears to be to change the savemap() macro
	in /usr/include/sys/seg.h.  Both the address and descriptor
	registers need to be checked when deciding whether to call
	Savemap().

	It was:
	#define	savemap(map)	{if (*KDSA5 != seg5.se_addr) Savemap(map); \
			 	else map[0].se_desc = NOMAP; }

	It should be changed to:
	#define	savemap(map) \
		{\
		if (*KDSA5 != seg5.se_addr || *KDSD5 != seg5.se_desc)\
			Savemap(map);\
		else\
			map[0].se_desc = NOMAP;\
		}

	There is also a small problem in sys/machdep.c in the Restormap()
	routine.  The code to restore the values of KDS?5 is done in the
	wrong order and should be reversed.

	It was:
		*KDSA5 = map[0].se_addr;
		*KDSD5 = map[0].se_desc;

	It should be:
		*KDSD5 = map[0].se_desc;
		*KDSA5 = map[0].se_addr;


	We have been running on a kernel with these changes for about two
	weeks with no apparent problems.  Prior to making these changes,
	we would crash at random times, varying from about 5 minutes to 48
	hours.