Date: Mon, 20 Apr 2020 11:23:23 -0700 From: Conrad Meyer <cem@freebsd.org> To: Mark Johnston <markj@freebsd.org> Cc: src-committers <src-committers@freebsd.org>, svn-src-all <svn-src-all@freebsd.org>, svn-src-head <svn-src-head@freebsd.org> Subject: Re: svn commit: r360122 - head/sys/vm Message-ID: <CAG6CVpWGDweCecRz1XA%2B36crycDV=nOn0kFnp1C3Tr%2ByJcQ0Qg@mail.gmail.com> In-Reply-To: <202004201445.03KEjIbB018710@repo.freebsd.org> References: <202004201445.03KEjIbB018710@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks! On Mon, Apr 20, 2020 at 7:45 AM Mark Johnston <markj@freebsd.org> wrote: > > Author: markj > Date: Mon Apr 20 14:45:17 2020 > New Revision: 360122 > URL: https://svnweb.freebsd.org/changeset/base/360122 > > Log: > Handle trashed queue pointers in vm_page_acquire_unlocked(). > > vm_page_acquire_unlocked() relies on type-stability of vm_page > structures and assumes that the listq linkage pointers always point to a > vm_page or are NULL. QUEUE_MACRO_DEBUG_TRASH breaks that assumption, so > add an explicit check for a trashed queue pointer before dereferencing. > > Reported and tested by: pho > Reviewed by: kib > Sponsored by: The FreeBSD Foundation > Differential Revision: https://reviews.freebsd.org/D24472 > > Modified: > head/sys/vm/vm_page.c > > Modified: head/sys/vm/vm_page.c > ============================================================================== > --- head/sys/vm/vm_page.c Mon Apr 20 14:24:13 2020 (r360121) > +++ head/sys/vm/vm_page.c Mon Apr 20 14:45:17 2020 (r360122) > @@ -4438,7 +4438,7 @@ vm_page_acquire_unlocked(vm_object_t object, vm_pindex > * without barriers. Switch to radix to verify. > */ > if (prev == NULL || (m = TAILQ_NEXT(prev, listq)) == NULL || > - m->pindex != pindex || > + QMD_IS_TRASHED(m) || m->pindex != pindex || > atomic_load_ptr(&m->object) != object) { > prev = NULL; > /*
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG6CVpWGDweCecRz1XA%2B36crycDV=nOn0kFnp1C3Tr%2ByJcQ0Qg>