[Barrelfish-users] A Bug of ram_alloc_remote -- Affinity Issues

Kornilios Kourtis kornilios.kourtis at inf.ethz.ch
Thu Aug 2 10:15:31 CEST 2012 

Hi Jinghao,

On Wed, Aug 01, 2012 at 08:32:31PM +0800, Shi Jinghao wrote:
> In ram_alloc_remote, there is a hack that before we obtain the
> ram_alloc_lock and do the actual transport, we first check if cs->space ==
> 1: if yes, we do a pair of dummy slot_alloc and slot_free to help the
> slot_allocator grow itself. But since slot_alloc may involve another
> ram_alloc call, we need to reset the affinity to the default (0, 0) before
> slot_alloc and restore the affinity after slot_free.
> 
> I found this bug when I repeatly do: set affinity to
> (0x80000000-0xc0000000) (shared memory on SCC), allocate a 4K frame use
> frame_alloc, set the affinity back to (0, 0). After a certain number of
> iterations, all the slot in slot_allocator are consumed and trigger the
> dummy slot_alloc/slot_free operation. Then the slot_alloc failed since at
> the moment, the affinity is not the default (0, 0) but
> (0x80000000,0xc0000000). So the new frame is allocated on a non-expected
> physical memory region and somehow a page fault is triggered, which cause
> the system to crash.
> 
> Here is the fix patch, FYI.
> 
> diff -r ba0440b6d59d lib/barrelfish/ram_alloc.c
> --- a/lib/barrelfish/ram_alloc.c Wed Aug 01 20:17:53 2012 +0800
> +++ b/lib/barrelfish/ram_alloc.c Wed Aug 01 20:18:31 2012 +0800
> @@ -35,6 +35,7 @@
>      struct slot_alloc_state *sas = get_slot_alloc_state();
>      struct slot_allocator *ca = (struct slot_allocator*)(&sas->defca);
>      if (ca->space == 1) {
> +        ram_set_affinity(0, 0);
>          struct capref cap;
>          err = slot_alloc(&cap);
>          if (err_is_fail(err)) {
> @@ -44,6 +45,7 @@
>          if (err_is_fail(err)) {
>              return err_push(err, LIB_ERR_SLOT_FREE);
>          }
> +        ram_set_affinity(minbase, maxlimit);
>      }
> 
>      assert(ret != NULL);

Thanks for finding the bug and providing the patch. It looks a reasonable
fix to me. We 'll have a closer look, and make it a part of our next
release if everything checks out.

cheers,
Kornilios.


-- 
Kornilios Kourtis

More information about the Barrelfish-users mailing list