Date:      Wed, 7 Feb 2018 22:41:32 +0000
From:      Steven Hartland <steven.hartland@multiplay.co.uk>
To:        Andriy Gapon <avg@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r328996 - head/sys/kern
Message-ID:  <1076365a-db07-0b28-9f97-3a7cc2a73dd6@multiplay.co.uk>
In-Reply-To: <201802072152.w17Lq0gd048728@repo.freebsd.org>
References:  <201802072152.w17Lq0gd048728@repo.freebsd.org>

What would be the expected behavior if this was triggered, app crash or 
kernel panic...?

On 07/02/2018 21:52, Andriy Gapon wrote:
> Author: avg
> Date: Wed Feb  7 21:51:59 2018
> New Revision: 328996
> URL: https://svnweb.freebsd.org/changeset/base/328996
>
> Log:
>    exec_map_first_page: fix an inverse condition introduced in r254138
>    
>    While the bug itself was serious, as we could either pass a non-busied
>    page to vm_pager_get_pages() or leak a busy page, it could only be
>    triggered under a very rare condition where the page is already inserted
>    into the object, but it is not valid yet.
>    
>    Reviewed by:	kib
>    MFC after:	2 weeks
>
> Modified:
>    head/sys/kern/kern_exec.c
>
> Modified: head/sys/kern/kern_exec.c
> ==============================================================================
> --- head/sys/kern/kern_exec.c	Wed Feb  7 20:36:37 2018	(r328995)
> +++ head/sys/kern/kern_exec.c	Wed Feb  7 21:51:59 2018	(r328996)
> @@ -1009,7 +1009,7 @@ exec_map_first_page(imgp)
>   			if ((ma[i] = vm_page_next(ma[i - 1])) != NULL) {
>   				if (ma[i]->valid)
>   					break;
> -				if (vm_page_tryxbusy(ma[i]))
> +				if (!vm_page_tryxbusy(ma[i]))
>   					break;
>   			} else {
>   				ma[i] = vm_page_alloc(object, i,
>
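Review bot: the changed test `if (!vm_page_tryxbusy(ma[i]))` carries no comment saying which return value means the page was busied, and the fix is a single `!`, so the polarity is easy to get wrong again. A short comment at that line would help, stating that the loop stops at the first page that cannot be exclusively busied and that every page kept in ma[] is therefore busied before it reaches vm_pager_get_pages(). The log says the path is only hit when a page is already in the object but not yet valid, so normal testing is unlikely to exercise it; an assertion on the busy state of the pages collected here, placed before the pager call, would catch a regression that testing would miss.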
