From owner-svn-src-all@freebsd.org Thu Feb 8 07:02:39 2018 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7E68CF08659; Thu, 8 Feb 2018 07:02:39 +0000 (UTC) (envelope-from agapon@gmail.com) Received: from mail-lf0-f67.google.com (mail-lf0-f67.google.com [209.85.215.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DDE5076D92; Thu, 8 Feb 2018 07:02:38 +0000 (UTC) (envelope-from agapon@gmail.com) Received: by mail-lf0-f67.google.com with SMTP id f137so4916475lfe.4; Wed, 07 Feb 2018 23:02:38 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=fE66gdnEto4YEQZDvxg/dWstwreQv9Kmtzo9FlPe9K4=; b=I1pBtbhhSGo12kQLqXL8zxZLiD/cXxPEcOy2XSpiB4SAWmrlcZxBK1aGBCOgKgS4ig MgFc+YNTRd0V3iU883IhJdCwPKX6dk45wIbHLHDQSJS6/1RB3TatHuE0hKnNf64g60mw y5EViprv+ZjhXmZ9jcHkbuOfQbUm0ptIbmr3XlRCNUXxUuIsirnRmsZUIOu/NRmdtAOT m7mtmjWEwaAvyYfWblXarLFwxO5s6XM2Xg0swktQg/8FpiFp8URvG4IrqhhFcwx5R1QP YwraQVydanCYWMN1EaUSd1+ZllCeKs1kIVCGWf8un2we6N2Ffb24W+rFbAWR+eNtIx1T HjlA== X-Gm-Message-State: APf1xPCNU7Te87p1g5k2WJPanw2EB6LZneW/WMYUmNhn4KFf22uvI0/f xI/ZtuP858s1scy2wwqJqCxPnZBO X-Google-Smtp-Source: AH8x226VS5iO8yClbUDh+lbQcUw55pBS2QtF0AtHUJ4zI9ykkf8ZbBiND3NHGV8uN+xRnuKFNUd9WA== X-Received: by 10.25.22.234 with SMTP id 103mr6339828lfw.70.1518071800190; Wed, 07 Feb 2018 22:36:40 -0800 (PST) Received: from [192.168.0.88] (east.meadow.volia.net. [93.72.151.96]) by smtp.googlemail.com with ESMTPSA id a197sm685542lfe.88.2018.02.07.22.36.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Feb 2018 22:36:39 -0800 (PST) Subject: Re: svn commit: r328996 - head/sys/kern To: Steven Hartland , src-committers@FreeBSD.org, svn-src-all@FreeBSD.org, svn-src-head@FreeBSD.org References: <201802072152.w17Lq0gd048728@repo.freebsd.org> <1076365a-db07-0b28-9f97-3a7cc2a73dd6@multiplay.co.uk> From: Andriy Gapon Message-ID: <4b73bfc1-9b08-11e6-85a6-2b8e4d689a81@FreeBSD.org> Date: Thu, 8 Feb 2018 08:36:38 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <1076365a-db07-0b28-9f97-3a7cc2a73dd6@multiplay.co.uk> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Feb 2018 07:02:39 -0000 On 08/02/2018 00:41, Steven Hartland wrote: > What would be the expected behavior if this was triggered, app crash or kernel > panic...? To be honest, I haven't analyzed it much. I would expect either a crash when trying to unbusy a page that is not busy or hanging while forever waiting for a leaked page to get unbusied or hitting some KASSERT. > On 07/02/2018 21:52, Andriy Gapon wrote: >> Author: avg >> Date: Wed Feb 7 21:51:59 2018 >> New Revision: 328996 >> URL: https://svnweb.freebsd.org/changeset/base/328996 >> >> Log: >> exec_map_first_page: fix an inverse condition introduced in r254138 >> >> While the bug itself was serious, as we could either pass a non-busied >> page to vm_pager_get_pages() or leak a busy page, it could only be >> triggered under a very rare condition where the page is already inserted >> into the object, but it is not valid yet. >> >> Reviewed by: kib >> MFC after: 2 weeks >> >> Modified: >> head/sys/kern/kern_exec.c >> >> Modified: head/sys/kern/kern_exec.c >> ============================================================================== >> --- head/sys/kern/kern_exec.c Wed Feb 7 20:36:37 2018 (r328995) >> +++ head/sys/kern/kern_exec.c Wed Feb 7 21:51:59 2018 (r328996) >> @@ -1009,7 +1009,7 @@ exec_map_first_page(imgp) >> if ((ma[i] = vm_page_next(ma[i - 1])) != NULL) { >> if (ma[i]->valid) >> break; >> - if (vm_page_tryxbusy(ma[i])) >> + if (!vm_page_tryxbusy(ma[i])) >> break; >> } else { >> ma[i] = vm_page_alloc(object, i, >> > -- Andriy Gapon