Subject: Re: svn commit: r328996 - head/sys/kern
To: Andriy Gapon, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
From: Steven Hartland
Date: Wed, 7 Feb 2018 22:41:32 +0000

What would be the expected behavior if this was triggered, app crash or kernel panic...?

On 07/02/2018 21:52, Andriy Gapon wrote:
> Author: avg
> Date: Wed Feb 7 21:51:59 2018
> New Revision: 328996
> URL: https://svnweb.freebsd.org/changeset/base/328996
>
> Log:
> exec_map_first_page: fix an inverse condition introduced in r254138
>
> While the bug itself was serious, as we could either pass a non-busied
> page to vm_pager_get_pages() or leak a busy page, it could only be
> triggered under a very rare condition where the page is already inserted
> into the object, but it is not valid yet.
>
> Reviewed by: kib
> MFC after: 2 weeks
>
> Modified:
> head/sys/kern/kern_exec.c
>
> Modified: head/sys/kern/kern_exec.c > ============================================================================== > --- head/sys/kern/kern_exec.c Wed Feb 7 20:36:37 2018 (r328995) > +++ head/sys/kern/kern_exec.c Wed Feb 7 21:51:59 2018 (r328996) > @@ -1009,7 +1009,7 @@ exec_map_first_page(imgp) > if ((ma[i] = vm_page_next(ma[i - 1])) != NULL) { > if (ma[i]->valid) > break; > - if (vm_page_tryxbusy(ma[i])) > + if (!vm_page_tryxbusy(ma[i])) > break; > } else { > ma[i] = vm_page_alloc(object, i, >
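Review bot: the corrected test `if (!vm_page_tryxbusy(ma[i]))` in the `ma[i]` loop of exec_map_first_page() carries no comment, and the log says this same sense was already inverted once, in r254138. A one-line comment above the `if`, stating that the loop stops at the first page it cannot exclusive-busy so that every page kept in `ma[]` for vm_pager_get_pages() is busied, would make a repeat of the inversion easier to catch in review. The log names two failure cases (a non-busied page passed to the pager, a leaked busy page) but not their observable symptom, which is what the reply asks about; adding that to the log would help anyone judging the MFC. The hunk is cut off at `vm_page_alloc(object, i,`, so the unbusy and cleanup path for pages gathered before the `break` is not visible here and should be checked against the same condition.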