netbsd-bugs: port-arm32/5666: arm32 pmap does not free PTs once all mappings are removed

Subject: port-arm32/5666: arm32 pmap does not free PTs once all mappings are removed
To: None <gnats-bugs@gnats.netbsd.org>
From: Jason R Thorpe <thorpej@nas.nasa.gov>
List: netbsd-bugs
Date: 06/26/1998 15:58:12

>Number:         5666
>Category:       port-arm32
>Synopsis:       arm32 pmap does not free PTs once all mappings are removed
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    gnats-admin (GNATS administrator)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jun 26 16:20:00 1998
>Last-Modified:
>Originator:     
>Organization:
Numerical Aerospace Simulation Facility - NASA Ames
>Release:        NetBSD 1.3F, June 26, 1998
>Environment:
	
System: NetBSD jaws 1.3F NetBSD 1.3F (JAWS) #1: Fri Jun 26 14:05:13 PDT 1998 thorpej@jaws:/tmp_mnt/dracul/u5/netbsd/src/sys/arch/arm32/compile/JAWS arm32


>Description:
	The arm32 pmap dynamically allocates level 2 page table pages when
	they are needed.  However, it does not track references to these
	tables.  This means that once all of the mappings are removed for
	a particular level 2 table, the page is not freed back to the system,
	until the pmap is destroyed, when the process exits.

	This is a problem if the system goes into a desperate memory
	condition, and begins to swap out processes.  When a process
	is swapped out, the VM system calls pmap_collect() with that
	process's pmap, so that the pmap module can free resources in
	use by that pmap.  Since the pmap module is allowed to "forget"
	mappings for a map at any time, it would be able to pmap_remove()
	the entire user address space of that pmap, thus freeing up the
	level 2 PT pages.  However, since pmap_remove() doesn't free those
	pages back, doing so is useless.

	For an example of how this is done, take a look at the NetBSD/alpha
	pmap module: src/sys/arch/alpha/alpha/pmap.c.

>How-To-Repeat:
	I managed to tickle this by doing a few parallel kernel builds on
	my 32M Shark.  Eventually, the pmap module died because no more
	free pages were available.  It should have been able to hobble
	along a little longer if pages were freed up as it began to swap
	out processes.

>Fix:
	An implementation that tracks PT page references and removes
	mappings (thus freeing pages to the system) in pmap_collect()
	can be found at: src/sys/arch/alpha/alpha/pmap.c.  This could
	be used as an example of how to implement it for the arm32 pmap.
>Audit-Trail:
>Unformatted: