Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!ll-xn!husc6!bloom-beacon!jtkohl
From: jtkohl@athena.mit.edu (John T Kohl)
Newsgroups: comp.bugs.4bsd
Subject: 4.3BSD fodkluster() bug
Message-ID: <877@bloom-beacon.MIT.EDU>
Date: Tue, 9-Jun-87 09:43:06 EDT
Article-I.D.: bloom-be.877
Posted: Tue Jun  9 09:43:06 1987
Date-Received: Fri, 12-Jun-87 02:08:31 EDT
Sender: daemon@bloom-beacon.MIT.EDU
Reply-To: jtkohl@athena.mit.edu (John T Kohl)
Distribution: world
Organization: Massachusetts Institute of Technology
Lines: 35

Index: sys/sys/vm_page.c, 4.3BSD and derivatives, including Wisconsin
	4.3+NFS

Description:
	When paging in a new process, it is possible that fodkluster()
	is called as part of pagein().  In this case, it tries to
	decrement an unsigned which is set to zero, and check if it is
	less than some value. This produces a panic shortly thereafter.

Fix:
	For binary sites, you can patch the global nofodklust to be
	non-zero in a running system (it's BSS, so you can't patch the
	kernel).  Source sites cann apply this patch (your line numbers
	will almost certainly be different):

*** /tmp/,RCSt1020091	Tue Jun  9 09:34:09 1987
--- vm_page.c	Fri Jun  5 11:18:18 1987
***************
*** 1271,1276 ****
--- 1271,1281 ----
  	bn = *pbn;
  	v = v0;
  	for (klsize = 1; klsize < KLMAX; klsize++) {
+ 		/* since v is unsigned, we must never decrement it below
+ 		   zero or the v < vmin test will fail and we can
+ 		   end up calling vtod with an invalid v */
+ 		if (v < CLSIZE)
+ 			break;
  		v -= CLSIZE;
  		if (v < vmin)
  			break;

----
John Kohl
MIT/Project Athena