On Sun, Sep 08, 2013 at 11:40:01PM +0200, Oliver Pinter wrote: > #6 0xffffffff806a2ab3 in cpuctl_ioctl (dev=<value optimized out>, > cmd=<value optimized out>, data=<value optimized out>, flags=0, > td=<value optimized out>) at /usr/src/sys/dev/cpuctl/cpuctl.c:478 > cpu = <value optimized out> > ret = <value optimized out>
Do you indeed posses VIA CPU ? Was it due to some violence act ?
I am not sure about the first panic, lets fix the malloc/free corruption
and see. The proc_reap() issue might be a consequence of the memory
corruption from the wrong free().
There is no public documentation for VIA CPUs, at least I was not
able to find anything when I looked. According to the comment in the
update_via(), all what is needed is that update buffer was 4-bytes
aligned, which is always guaranteed by our malloc(9), at least for the
allocation of size >=4.
Try this.
diff --git a/sys/dev/cpuctl/cpuctl.c b/sys/dev/cpuctl/cpuctl.c
index 4e5abb2..ca5ed56 100644
--- a/sys/dev/cpuctl/cpuctl.c
+++ b/sys/dev/cpuctl/cpuctl.c
@@ -408,10 +408,10 @@ fail:
static int
update_via(int cpu, cpuctl_update_args_t *args, struct thread *td)
{
- void *ptr = NULL;
+ void *ptr;
uint64_t rev0, rev1, res;
uint32_t tmp[4];
- int is_bound = 0;
+ int is_bound;
int oldcpu;
int ret;
@@ -427,8 +427,7 @@ update_via(int cpu, cpuctl_update_args_t *args, struct
thread *td)
/*
* 4 byte alignment required.
*/
- ptr = malloc(args->size + 16, M_CPUCTL, M_WAITOK);
- ptr = (void *)(16 + ((intptr_t)ptr & ~0xf));
+ ptr = malloc(args->size, M_CPUCTL, M_WAITOK);
if (copyin(args->data, ptr, args->size) != 0) {
DPRINTF("[cpuctl,%d]: copyin %p->%p of %zd bytes failed",
__LINE__, args->data, ptr, args->size);
pgp3xfweHRNN_.pgp
Description: PGP signature
