Date: Wed, 24 Dec 2025 00:42:12 +0000 From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: d7bc2ee3dedd - stable/15 - vm_object_coalesce(): check that coalescing does not revive stale pages Message-ID: <694b36e4.3059d.1b685b7c@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch stable/15 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=d7bc2ee3dedde2a9188234a563c4259c480d2664 commit d7bc2ee3dedde2a9188234a563c4259c480d2664 Author: Konstantin Belousov <kib@FreeBSD.org> AuthorDate: 2025-11-22 18:43:57 +0000 Commit: Konstantin Belousov <kib@FreeBSD.org> CommitDate: 2025-12-24 00:33:00 +0000 vm_object_coalesce(): check that coalescing does not revive stale pages (cherry picked from commit f94bfc469df9a2bc78ed15cc42525d09e3413e0b) --- sys/vm/vm_object.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/sys/vm/vm_object.c b/sys/vm/vm_object.c index 413ba5459e3d..117900135ac3 100644 --- a/sys/vm/vm_object.c +++ b/sys/vm/vm_object.c @@ -2244,6 +2244,23 @@ vm_object_coalesce(vm_object_t prev_object, vm_ooffset_t prev_offset, if (next_pindex + next_size > prev_object->size) prev_object->size = next_pindex + next_size; +#ifdef INVARIANTS + /* + * Re-check: there must be no pages in the next range backed + * by prev_entry's object. Otherwise, the resulting + * corruption is same as faulting in a non-zeroed page. + */ + if (vm_check_pg_zero) { + vm_pindex_t pidx; + + pidx = swap_pager_seek_data(prev_object, next_pindex); + KASSERT(pidx >= next_pindex + next_size, + ("found obj %p pindex %#jx e %#jx %#jx %#jx", + prev_object, pidx, (uintmax_t)prev_offset, + (uintmax_t)prev_size, (uintmax_t)next_size)); + } +#endif + VM_OBJECT_WUNLOCK(prev_object); return (TRUE); }home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?694b36e4.3059d.1b685b7c>