Date: Mon, 4 Jan 2021 13:35:46 GMT
From: Mark Johnston <markj@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: c4cceb1d0d6f - main - md: Fix a race in mdstart_swap()
Message-ID: <202101041335.104DZkhF014491@gitrepo.freebsd.org>
The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=c4cceb1d0d6f59789524feab3ddf7e3110d10d75 commit c4cceb1d0d6f59789524feab3ddf7e3110d10d75 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2021-01-04 13:21:57 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2021-01-04 13:26:14 +0000 md: Fix a race in mdstart_swap() Release a grabbed page's busy state only after marking it as referenced. Otherwise there exists a narrow window where the page could be freed before the update. Before r356902 this was not a problem since the object lock was held. Discussed with: kib Sponsored by: The FreeBSD Foundation --- sys/dev/md/md.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sys/dev/md/md.c b/sys/dev/md/md.c index 1b4b583b3c09..5c2cb2f25d2e 100644 --- a/sys/dev/md/md.c +++ b/sys/dev/md/md.c @@ -1146,8 +1146,6 @@ mdstart_swap(struct md_s *sc, struct bio *bp) VM_OBJECT_WUNLOCK(sc->object); } if (m != NULL) { - vm_page_xunbusy(m); - /* * The page may be deactivated prior to setting * PGA_REFERENCED, but in this case it will be @@ -1157,6 +1155,7 @@ mdstart_swap(struct md_s *sc, struct bio *bp) vm_page_reference(m); else vm_page_activate(m); + vm_page_xunbusy(m); } /* Actions on further pages start at offset 0 */
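Review bot: The relocated vm_page_xunbusy(m) at the end of the if (m != NULL) block (second hunk) carries no comment, yet its position after vm_page_reference(m) / vm_page_activate(m) is the entire fix. A short comment above the call would keep a later cleanup from moving it back up. It should say that the busy state must be held until the page has been marked referenced or activated, because the object lock has already been dropped by VM_OBJECT_WUNLOCK(sc->object) and the page could otherwise be freed before the update. The existing comment kept as context in the first hunk ("The page may be deactivated prior to setting PGA_REFERENCED ...") is a natural place to fold that sentence in.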