• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: copyout across 256MB boundary bug in 10.4.1
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: copyout across 256MB boundary bug in 10.4.1

  • Subject: Re: copyout across 256MB boundary bug in 10.4.1
  • From: Andrew Gallatin <email@hidden>
  • Date: Mon, 11 Jul 2005 12:10:07 -0400 (EDT)
I apologize for the delayed reply..  I was on vacation all last week.

William Kucharski writes:
 > On Jun 30, 2005, at 4:55 PM, Andrew Gallatin wrote:
 >
 > > It seems rock solid for small buffers, but once I get over a few
 > > hundred megs, I see some "interesting" corruption.  The corruption
 > > starts at user address 0x10000000 and continues through the page
 > > starting at 0x1006f000.  Another "bad spot" appears at 0x20000000 and
 > > continues through the page starting at 0x2006f000.  Moreover, the
 > > contents which should appear at 0x20000000..0x2006ffff appear at
 > > 0x10000000..0x1006ffff, while I see stale data at
 > > 0x20000000..0x2006ffff.  This makes it seem like large copyouts which
 > > cross a 256MB boundary may wrap around, and write to exactly 256MB
 > > below the desired address.
 >
 > 256MB boundaries are "magic" as they denote the PPC "segment" to be
 > referenced, and segment registers are part of the PPC VM translation
 > mechanism.  Simply put, each 256MB-aligned chunk is translated using
 > a different segment register value. (For 32-bit PPCs, the segment ID
 > is the virtual address & 0xf0000000).
 >
 > The copyin/copyout mechanism works in an interesting manner, mapping
 > 512MB chunks of the user memory space into the kernel address range
 > 0xe0000000 - 0xffffffff.
 >
 > So for example, accesses to virtual address 0x1000 would be mapped via
 > the kernel to kernel address 0xe0001000.
 >
 > For what you're seeing to make sense, what must be happening is that
 > since you're wrapping around a 256MB boundary, the segment register
 > that SHOULD be programmed for the next 256MB "chunk" is actually being
 > programmed to point to the original 256MB chunk.

Excellent.  I'm glad this makes sense in some way ;)

 > Do you see this same failure on 32-bit PPCs, or just on G5s?  I know
 > you mentioned your test machine was a G5, but I'm just curious if we
 > can rule out the 32-bit VM code here.

I have not tested yet on G4s.  My only G4 is running 10.3, and I've
only been able to reproduce the problem under 10.4.  Additionally,
I'm not 100% certain that a G4 will accept the PCI-X card whose
driver is exercising this failure.   If, after a week, it would
still be helpful to you to know if this happens on G4s, I will
try to install a card in a G4 and update it to 10.4.

Thanks,

Drew

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Re: copyout across 256MB boundary bug in 10.4.1 (From: William Kucharski <email@hidden>)

  • Prev by Date: Re: File level action protocol
  • Next by Date: ctl_enqueuedata ENOBUFS error
  • Previous by thread: Re: copyout across 256MB boundary bug in 10.4.1
  • Next by thread: file read/write routine in Driver Code
  • Index(es):
    • Date
    • Thread