Benjamin Herrenschmidt wrote:
> No, Mel's patch is for a different problem and has been fixed upstream
> already. This is more concerning... I'm not sure what's up but would
> you be able to send a disassembly of the hpte_need_flush() function in
> your kernel binary for me to see what access precisely caused the
> fault ?
>

I was able to recreate this with the git3 kernel. Here is the disassembly:

shm-fork 10 10 (64): PASS
shm-fork 10 20 (32):
cpu 0x1: Vector: 300 (Data Access) at [c0000000faa13490]
pc: c000000000038240: .hpte_need_flush+0x1bc/0x2d8
lr: c0000000000380f0: .hpte_need_flush+0x6c/0x2d8
sp: c0000000faa13710
msr: 8000000000009032
dar: c00000005e5e0480
dsisr: 40000000
current = 0xc0000000f9bde3e0
paca = 0xc000000000b72600
pid = 12152, comm = shm-fork
enter ? for help
[c0000000faa13710] c000000000038264 .hpte_need_flush+0x1e0/0x2d8 (unreliable)
[c0000000faa137d0] c000000000039fa4 .huge_ptep_get_and_clear+0x40/0x5c
[c0000000faa13850] c00000000012d044 .__unmap_hugepage_range+0x178/0x2b8
[c0000000faa13940] c00000000012d1d8 .unmap_hugepage_range+0x54/0x88
[c0000000faa139e0] c000000000116f78 .unmap_vmas+0x178/0x8f4
[c0000000faa13b30] c00000000011c690 .unmap_region+0xfc/0x1e4
[c0000000faa13c00] c00000000011de20 .do_munmap+0x2f4/0x38c
[c0000000faa13cc0] c0000000002f6a08 .SyS_shmdt+0xc0/0x188
[c0000000faa13d70] c00000000000c430 .sys_ipc+0x274/0x2fc
[c0000000faa13e30] c000000000008534 syscall_exit+0x0/0x40
--- Exception: c01 (System Call) at 000004000021d2dc
SP (fffee026010) is in userspace
1:mon> di $.hpte_need_flush
c000000000038084 fac1ffb0 std r22,-80(r1)
c000000000038088 7c0802a6 mflr r0
c00000000003808c f8010010 std r0,16(r1)
c000000000038090 2fa70000 cmpdi cr7,r7,0
c000000000038094 fb21ffc8 std r25,-56(r1)
c000000000038098 6cc01000 xoris r0,r6,4096
c00000000003809c fb41ffd0 std r26,-48(r1)
c0000000000380a0 7cd93378 mr r25,r6
c0000000000380a4 fb61ffd8 std r27,-40(r1)
c0000000000380a8 7cb62b78 mr r22,r5
c0000000000380ac fb81ffe0 std r28,-32(r1)
.........
.........
1:mon>
c000000000038204 38090001 addi r0,r9,1
c000000000038208 78004602 rldicl r0,r0,40,24
c00000000003820c 7c004a14 add r0,r0,r9
c000000000038210 78090220 clrldi r9,r0,40
c000000000038214 2fbd0000 cmpdi cr7,r29,0
c000000000038218 409e0010 bne cr7,c000000000038228 # .hpte_need_flush+0x1a4/0x2d8
c00000000003821c 7929e0e4 rldicr r9,r9,28,35
c000000000038220 7be00120 clrldi r0,r31,36
c000000000038224 4800000c b c000000000038230 # .hpte_need_flush+0x1ac/0x2d8
c000000000038228 792945c6 rldicr r9,r9,40,23
c00000000003822c 7be00600 clrldi r0,r31,24
c000000000038230 7d3f0378 or r31,r9,r0
c000000000038234 7c1cb82e lwzx r0,r28,r23
c000000000038238 3d360001 addis r9,r22,1
c00000000003823c 2f800000 cmpwi cr7,r0,0
c000000000038240 eb898000 ld r28,-32768(r9) <<== +0x1bc should be this

1:mon> r
R00 = 0000000000000000 R16 = 0000000023aa4db0
R01 = c0000000faa13710 R17 = 0000000000000000
R02 = c000000000a9d788 R18 = ffffffffffff9010
R03 = 0000000000000004 R19 = 0000000000000000
R04 = 000003fff0000000 R20 = 0000000000000000
R05 = c00000005e5d8480 R21 = 0000040000000000
R06 = 0000364008000393 R22 = c00000005e5d8480
R07 = 0000000000000001 R23 = 0000000000750000
R08 = 0000000000000004 R24 = 0000000000000000
R09 = c00000005e5e8480 R25 = 0000364008000393
R10 = 000000000003fff0 R26 = c0000000673f0680
R11 = 0000000000000280 R27 = 0000000000000004
R12 = 0000000044022422 R28 = c000000000890430
R13 = c000000000b72600 R29 = 0000000000000001
R14 = 00000000ffffffff R30 = c000000000fe0430
R15 = ffffffffffffffff R31 = 8812ebfff0000000
pc = c000000000038240 .hpte_need_flush+0x1bc/0x2d8
lr = c0000000000380f0 .hpte_need_flush+0x6c/0x2d8
msr = 8000000000009032 cr = 44022422
ctr = c00000000025cc28 xer = 0000000000000001 trap = 300
dar = c00000005e5e0480 dsisr = 40000000
1:mon>

(The effective address of the marked load, r9 - 32768 = c00000005e5e0480, matches the reported dar.)

I have attached the complete disassembly.

Thanks
-Sachin

--
---------------------------------
Sachin Sant
IBM Linux Technology Center
India Systems and Technology Labs
Bangalore, India
---------------------------------