Date: Wed, 7 Feb 2018 22:41:32 +0000
From: Steven Hartland <steven.hartland@multiplay.co.uk>
To: Andriy Gapon <avg@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r328996 - head/sys/kern
Message-ID: <1076365a-db07-0b28-9f97-3a7cc2a73dd6@multiplay.co.uk>
In-Reply-To: <201802072152.w17Lq0gd048728@repo.freebsd.org>
References: <201802072152.w17Lq0gd048728@repo.freebsd.org>
What would be the expected behavior if this was triggered, app crash or kernel panic...? On 07/02/2018 21:52, Andriy Gapon wrote: > Author: avg > Date: Wed Feb 7 21:51:59 2018 > New Revision: 328996 > URL: https://svnweb.freebsd.org/changeset/base/328996 > > Log: > exec_map_first_page: fix an inverse condition introduced in r254138 > > While the bug itself was serious, as we could either pass a non-busied > page to vm_pager_get_pages() or leak a busy page, it could only be > triggered under a very rare condition where the page is already inserted > into the object, but it is not valid yet. > > Reviewed by: kib > MFC after: 2 weeks > > Modified: > head/sys/kern/kern_exec.c > > Modified: head/sys/kern/kern_exec.c > ============================================================================== > --- head/sys/kern/kern_exec.c Wed Feb 7 20:36:37 2018 (r328995) > +++ head/sys/kern/kern_exec.c Wed Feb 7 21:51:59 2018 (r328996) > @@ -1009,7 +1009,7 @@ exec_map_first_page(imgp) > if ((ma[i] = vm_page_next(ma[i - 1])) != NULL) { > if (ma[i]->valid) > break; > - if (vm_page_tryxbusy(ma[i])) > + if (!vm_page_tryxbusy(ma[i])) > break; > } else { > ma[i] = vm_page_alloc(object, i, >
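Review bot: The `if (!vm_page_tryxbusy(ma[i]))` test in exec_map_first_page has no comment in the visible lines saying which return value means the page was busied, and the log says the inverted sense had been in place since r254138; a one-line comment that the loop stops at the first page that is already valid or cannot be exclusive-busied would make the intended sense checkable at a glance. Both `break` paths also leave `ma[i]` assigned to a page this loop did not busy, so it is worth confirming that the code after the loop only uses the entries before `i`. The log describes the two failure modes (a non-busied page passed to vm_pager_get_pages(), or a leaked busy page) but not what either looks like at runtime, which is the question raised in the reply; a sentence on that would help anyone deciding how urgently to pick up the MFC.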