Date: Thu, 17 May 2018 14:07:52 -0400
From: Mark Johnston <markj@freebsd.org>
To: Conrad Meyer <cem@freebsd.org>
Cc: src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r333703 - head/sys/vm
Message-ID: <20180517180752.GA5515@raichu>
In-Reply-To: <CAG6CVpWpQgJOyXpN3z%2B7xBu2%2BQ_gRvXDfhVLvrKfUp7EgFzvDQ@mail.gmail.com>
References: <201805170427.w4H4R8lv058775@repo.freebsd.org> <CAG6CVpWpQgJOyXpN3z%2B7xBu2%2BQ_gRvXDfhVLvrKfUp7EgFzvDQ@mail.gmail.com>

On Thu, May 17, 2018 at 10:07:34AM -0700, Conrad Meyer wrote:
> On Wed, May 16, 2018 at 9:27 PM, Mark Johnston <markj@freebsd.org> wrote:
> > Author: markj
> > Date: Thu May 17 04:27:08 2018
> > New Revision: 333703
> > URL: https://svnweb.freebsd.org/changeset/base/333703
> >
> > Log:
> >   Fix a race in vm_page_pagequeue_lockptr().
> >
> >   The value of m->queue must be cached after comparing it with PQ_NONE,
> >   since it may be concurrently changing.
> >
> >   Reported by: glebius
>
> What were the symptoms of this issue? The test plan in the linked
> phabricator revision says:
>
> "Gleb reported seeing panics as a result of the use of a bogus index
> into the pagequeue array, and also reported that this patch fixed the
> panics."
>
> So an attempt to lock pagequeues[PQ_NONE=255].pq_mutex, which is
> either something later in the vm_domain object, or bogus memory? One
> of the mtx asserts trips?

I think it was "mtx_lock() of spin mutex"; I didn't get a lot of details.
I failed to note in the commit message that this race was introduced in
r332974.
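
The thread describes m->queue changing between the PQ_NONE comparison and its use as an index into the pagequeue array. A userland model of that check-then-use pattern, added here as an illustration and not the FreeBSD source or the r333703 patch: `struct page`, `PQ_COUNT`, `concurrent_writer` and the function names are assumptions, and the writer hook is called deterministically in place of a second CPU.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

#define PQ_COUNT 4    /* constructed: number of real queues in this model */
#define PQ_NONE  255  /* "not on any queue", value as quoted in the thread */

struct page { _Atomic uint8_t queue; };  /* hypothetical stand-in for vm_page */

/* Hook run between the check and the use; stands in for another CPU. */
static void (*concurrent_writer)(struct page *);

static void dequeue_page(struct page *m) { atomic_store(&m->queue, PQ_NONE); }

/* Racy shape: the comparison and the array index come from two separate
 * loads. Returns the index that would be used, or -1 for "no queue". */
static int queue_index_racy(struct page *m)
{
    if (atomic_load(&m->queue) == PQ_NONE)
        return -1;
    if (concurrent_writer) concurrent_writer(m);
    return atomic_load(&m->queue);   /* second load: may now be PQ_NONE */
}

/* Cached shape: load once, then compare and index with the same value. */
static int queue_index_cached(struct page *m)
{
    uint8_t q = atomic_load(&m->queue);

    if (q == PQ_NONE)
        return -1;
    if (concurrent_writer) concurrent_writer(m);
    return q;                        /* possibly stale, never PQ_NONE */
}

/* An index is usable if it is -1 (no queue) or inside the queue array. */
static int index_is_valid(int i) { return i == -1 || (i >= 0 && i < PQ_COUNT); }

int main(void)
{
    struct page m;
    int racy, cached;

    concurrent_writer = dequeue_page;
    atomic_init(&m.queue, 1);
    racy = queue_index_racy(&m);     /* page is dequeued between the loads */
    atomic_store(&m.queue, 1);
    cached = queue_index_cached(&m);
    printf("racy=%d valid=%d  cached=%d valid=%d\n",
        racy, index_is_valid(racy), cached, index_is_valid(cached));
    return 0;
}
```

In this model the cached index can be stale once the page has moved, so a caller that takes the lock still has to recheck the page's queue afterwards.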