Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 7 Sep 2020 23:28:33 +0000 (UTC)
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r365437 - head/sys/vm
Message-ID:  <202009072328.087NSXHA071569@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: markj
Date: Mon Sep  7 23:28:33 2020
New Revision: 365437
URL: https://svnweb.freebsd.org/changeset/base/365437

Log:
  vm_object_split(): Handle orig_object type changes.
  
  orig_object->type can change from OBJT_DEFAULT to OBJT_SWAP while
  vm_object_split() is sleeping.  In this case some pages in new_object
  may be left unbusied, but vm_object_split() attempts to unbusy all of
  them.
  
  Track the beginning of the busied range.  Add an assertion to verify
  that pages are not re-added to the source object while sleeping.
  
  Reported by:	Olympios Petrakis <olympios.petrakis@netapp.com>
  Reviewed by:	alc, kib
  Tested by:	pho
  MFC after:	1 week
  Sponsored by:	NetApp, Inc.
  Sponsored by:	Klara, Inc.
  Differential Revision:	https://reviews.freebsd.org/D26223

Modified:
  head/sys/vm/vm_object.c

Modified: head/sys/vm/vm_object.c
==============================================================================
--- head/sys/vm/vm_object.c	Mon Sep  7 23:22:16 2020	(r365436)
+++ head/sys/vm/vm_object.c	Mon Sep  7 23:28:33 2020	(r365437)
@@ -1496,7 +1496,7 @@ vm_object_shadow(vm_object_t *object, vm_ooffset_t *of
 void
 vm_object_split(vm_map_entry_t entry)
 {
-	vm_page_t m, m_next;
+	vm_page_t m, m_busy, m_next;
 	vm_object_t orig_object, new_object, backing_object;
 	vm_pindex_t idx, offidxstart;
 	vm_size_t size;
@@ -1553,8 +1553,14 @@ vm_object_split(vm_map_entry_t entry)
 	 * that the object is in transition.
 	 */
 	vm_object_set_flag(orig_object, OBJ_SPLIT);
+	m_busy = NULL;
+#ifdef INVARIANTS
+	idx = 0;
+#endif
 retry:
 	m = vm_page_find_least(orig_object, offidxstart);
+	KASSERT(m == NULL || idx <= m->pindex - offidxstart,
+	    ("%s: object %p was repopulated", __func__, orig_object));
 	for (; m != NULL && (idx = m->pindex - offidxstart) < size;
 	    m = m_next) {
 		m_next = TAILQ_NEXT(m, listq);
@@ -1609,8 +1615,15 @@ retry:
 		 */
 		vm_reserv_rename(m, new_object, orig_object, offidxstart);
 #endif
+
+		/*
+		 * orig_object's type may change while sleeping, so keep track
+		 * of the beginning of the busied range.
+		 */
 		if (orig_object->type != OBJT_SWAP)
 			vm_page_xunbusy(m);
+		else if (m_busy == NULL)
+			m_busy = m;
 	}
 	if (orig_object->type == OBJT_SWAP) {
 		/*
@@ -1618,8 +1631,9 @@ retry:
 		 * and new_object's locks are released and reacquired. 
 		 */
 		swap_pager_copy(orig_object, new_object, offidxstart, 0);
-		TAILQ_FOREACH(m, &new_object->memq, listq)
-			vm_page_xunbusy(m);
+		if (m_busy != NULL)
+			TAILQ_FOREACH_FROM(m_busy, &new_object->memq, listq)
+				vm_page_xunbusy(m_busy);
 	}
 	vm_object_clear_flag(orig_object, OBJ_SPLIT);
 	VM_OBJECT_WUNLOCK(orig_object);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202009072328.087NSXHA071569>