From owner-svn-src-all@FreeBSD.ORG Sun Sep 8 17:51:23 2013 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 34F07D0D; Sun, 8 Sep 2013 17:51:23 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 2047D28EF; Sun, 8 Sep 2013 17:51:23 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r88HpMNi047153; Sun, 8 Sep 2013 17:51:22 GMT (envelope-from kib@svn.freebsd.org) Received: (from kib@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r88HpM0s047151; Sun, 8 Sep 2013 17:51:22 GMT (envelope-from kib@svn.freebsd.org) Message-Id: <201309081751.r88HpM0s047151@svn.freebsd.org> From: Konstantin Belousov Date: Sun, 8 Sep 2013 17:51:22 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r255396 - in head/sys: kern vm X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Sep 2013 17:51:23 -0000 Author: kib Date: Sun Sep 8 17:51:22 2013 New Revision: 255396 URL: http://svnweb.freebsd.org/changeset/base/255396 Log: Drain for the xbusy state for two places which potentially do pmap_remove_all(). Not doing the drain allows the pmap_enter() to proceed in parallel, making the pmap_remove_all() effects void. The race results in an invalidated page mapped wired by usermode. Reported and tested by: pho Reviewed by: alc Sponsored by: The FreeBSD Foundation Approved by: re (glebius) Modified: head/sys/kern/vfs_bio.c head/sys/vm/vm_object.c Modified: head/sys/kern/vfs_bio.c ============================================================================== --- head/sys/kern/vfs_bio.c Sun Sep 8 17:47:14 2013 (r255395) +++ head/sys/kern/vfs_bio.c Sun Sep 8 17:51:22 2013 (r255396) @@ -1693,6 +1693,12 @@ brelse(struct buf *bp) KASSERT(presid >= 0, ("brelse: extra page")); VM_OBJECT_WLOCK(obj); + while (vm_page_xbusied(m)) { + vm_page_lock(m); + VM_OBJECT_WUNLOCK(obj); + vm_page_busy_sleep(m, "mbncsh"); + VM_OBJECT_WLOCK(obj); + } if (pmap_page_wired_mappings(m) == 0) vm_page_set_invalid(m, poffset, presid); VM_OBJECT_WUNLOCK(obj); Modified: head/sys/vm/vm_object.c ============================================================================== --- head/sys/vm/vm_object.c Sun Sep 8 17:47:14 2013 (r255395) +++ head/sys/vm/vm_object.c Sun Sep 8 17:51:22 2013 (r255396) @@ -1910,6 +1910,12 @@ again: * not specified. */ vm_page_lock(p); + if (vm_page_xbusied(p)) { + VM_OBJECT_WUNLOCK(object); + vm_page_busy_sleep(p, "vmopax"); + VM_OBJECT_WLOCK(object); + goto again; + } if ((wirings = p->wire_count) != 0 && (wirings = pmap_page_wired_mappings(p)) != p->wire_count) { if ((options & (OBJPR_NOTWIRED | OBJPR_NOTMAPPED)) ==