RE: 2.4.31 TLB corruption

From: Smarduch Mario-CMS063 <>
Date: 2005-06-22 07:22:50
FYI, shrinking the RID range does reproduce the
problem easily. It's also reproducible on 2.6.7.

- Mario

-----Original Message-----
From: David Mosberger [] 
Sent: Wednesday, June 15, 2005 11:26 AM
To: Smarduch Mario-CMS063
Subject: Re: 2.4.31 TLB corruption

It does look to me like there is a race-condition between
delayed_tlb_flush() and wrap_mmu_context().  I can't say I have seen or heard any such problem on 2.6, but a worthwhile experiment to try might be to claim an artificially small number of region-ids (8 or 16 should be enough).  That way, wrap_mmu_context() will be called much more frequently and it should be easier to demonstrate any problems.


>>>>> On Wed, 15 Jun 2005 10:34:23 -0500, Smarduch Mario-CMS063 
>>>>> <> said:

  Mario> Here's the race condition that appears possible. Considering
  Mario> a context range (for per task RID selection) 1-100.  The real
  Mario> range is 21 bits wide, and starting context == 300, resulting
  Mario> in much sparser context selection values and thus much more
  Mario> difficult to trip.

  Mario> But for example after next==100 there are the following
  Mario> context values that exist owned by various tasks: 1,2,10.

  Mario> Now on a 2 way system 1 is executing on CPU 0 and 2 on CPU
  Mario> 1. Both happen to run fork() eventually winding up in
  Mario> dup_mmap().

  Mario> CPU 0 (orig ctxt=1):    CPU 1 (orig ctxt=2):
  Mario> ------                  ------
  Mario> - Both call flush_tlb_mm() this sets their mm->context == 0
  Mario> - eventually both get into activate_context(mm)
  Mario> - grabs ia64_ctx.lock first
  Mario> - context wrap around wrap_mmu_context() gets called
  Mario> - chooses context=1, limit=10
  Mario> - flushes local TLB, marks lazy flush needed on 0.
  Mario> - now acquires ia64_ctx.lock
  Mario> - chooses context=2 and installs it in its RRs
  Mario> - appears to resume in user mode with matching RID of task
  Mario>   running on CPU1 (i.e. with its previous TLBs with RID=2
  Mario>   installed)

  Mario> This whole scheme is complex and elusive I'd appreciate
  Mario> feedback from this group.

  Mario> - mario

  Mario> - To unsubscribe from this list: send the line
  Mario> "unsubscribe linux-ia64" in the body of a message to
  Mario> More majordomo info at
Received on Tue Jun 21 17:43:18 2005
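
A deterministic replay of the interleaving described in the quoted message, as an added example that is not part of the original thread and is not kernel code. It is a simplified model that assumes the reading in which CPU 0 takes the lock first; `wrap`, `activate`, `replay` and the `flush_first` switch are hypothetical names, and the 1-100 context range and the owned contexts 1, 2, 10 are the ones used in the message.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NCPU 2
#define MAX_CTX 100                  /* the 1-100 range used in the message */

static bool tlb[NCPU][MAX_CTX + 2];  /* tlb[c][r]: CPU c holds entries tagged RID r */
static bool need_flush[NCPU];        /* per-CPU "lazy flush needed" mark */
static bool in_use[MAX_CTX + 2];     /* contexts still owned by some task */
static int next_ctx, limit;

static void flush_local(int cpu) {
    memset(tlb[cpu], 0, sizeof tlb[cpu]);
    need_flush[cpu] = false;
}

/* Modelled wrap: restart at the lowest free context, stop at the next owned
 * one, flush the local TLB and only mark the other CPUs (model assumes at
 * least one context is free). */
static void wrap(int cpu) {
    for (next_ctx = 1; in_use[next_ctx]; next_ctx++) ;
    for (limit = next_ctx; limit <= MAX_CTX && !in_use[limit]; limit++) ;
    flush_local(cpu);
    for (int c = 0; c < NCPU; c++)
        if (c != cpu) need_flush[c] = true;
}

/* Returns true if the CPU resumes with stale entries tagged with its new RID.
 * flush_first (assumption): honour a pending mark before installing the RID. */
static bool activate(int cpu, bool flush_first) {
    if (next_ctx >= limit) wrap(cpu);
    int ctx = next_ctx++;
    in_use[ctx] = true;
    if (flush_first && need_flush[cpu]) flush_local(cpu);
    bool stale = tlb[cpu][ctx];
    tlb[cpu][ctx] = true;
    return stale;
}

bool replay(bool flush_first) {
    memset(tlb, 0, sizeof tlb);
    memset(in_use, 0, sizeof in_use);
    need_flush[0] = need_flush[1] = false;
    in_use[10] = true;               /* 1 and 2 were given up via flush_tlb_mm() */
    tlb[0][1] = tlb[1][2] = true;    /* entries left over from the old contexts */
    next_ctx = limit = MAX_CTX;      /* range exhausted: next activation wraps */
    bool cpu0 = activate(0, flush_first);
    bool cpu1 = activate(1, flush_first);
    return cpu0 || cpu1;
}
int main(void) { printf("%d %d\n", replay(false), replay(true)); return 0; }
```

In the model, CPU 1 is handed RID 2 while its TLB still holds entries tagged 2 and its flush mark is pending; applying the pending flush before the RID is installed removes the stale hit.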

This archive was generated by hypermail 2.1.8 : 2005-08-02 09:20:39 EST