From owner-svn-src-head@freebsd.org  Tue Feb 13 15:36:29 2018
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 08DE5F0A311;
 Tue, 13 Feb 2018 15:36:29 +0000 (UTC) (envelope-from kib@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id AF7E77EC95;
 Tue, 13 Feb 2018 15:36:28 +0000 (UTC) (envelope-from kib@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id AA49622A8E;
 Tue, 13 Feb 2018 15:36:28 +0000 (UTC) (envelope-from kib@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w1DFaSj0035082;
 Tue, 13 Feb 2018 15:36:28 GMT (envelope-from kib@FreeBSD.org)
Received: (from kib@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w1DFaSbn035081;
 Tue, 13 Feb 2018 15:36:28 GMT (envelope-from kib@FreeBSD.org)
Message-Id: <201802131536.w1DFaSbn035081@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: kib set sender to kib@FreeBSD.org
 using -f
From: Konstantin Belousov <kib@FreeBSD.org>
Date: Tue, 13 Feb 2018 15:36:28 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r329215 - head/sys/vm
X-SVN-Group: head
X-SVN-Commit-Author: kib
X-SVN-Commit-Paths: head/sys/vm
X-SVN-Commit-Revision: 329215
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Feb 2018 15:36:29 -0000

Author: kib
Date: Tue Feb 13 15:36:28 2018
New Revision: 329215
URL: https://svnweb.freebsd.org/changeset/base/329215

Log:
  Do not leak rv->psind in some specific situations.
  
  Suppose that we have an object with a mapped superpage, and that all
  pages in the superpages are held (by some driver).  Additionally,
  suppose that the object is terminated, e.g. because the only process
  mapping it is exiting.  Then the reservation is broken, but the pages
  cannot be freed until later, when they are unheld.  In this situation,
  the reservation code cannot clean psind, since no pages are freed, and
  the page is freed and then reused with invalid psind.
  
  Clean psind on vm_reserv_break() to avoid the situation.
  
  Reported and tested by:	Slava Shwartsman
  Reviewed by:	markj
  Sponsored by:	Mellanox Technologies
  MFC after:	1 week
  Differential revision:	https://reviews.freebsd.org/D14335

Modified:
  head/sys/vm/vm_reserv.c

Modified: head/sys/vm/vm_reserv.c
==============================================================================
--- head/sys/vm/vm_reserv.c	Tue Feb 13 15:30:31 2018	(r329214)
+++ head/sys/vm/vm_reserv.c	Tue Feb 13 15:36:28 2018	(r329215)
@@ -949,6 +949,7 @@ vm_reserv_break(vm_reserv_t rv, vm_page_t m)
 
 	vm_domain_free_assert_locked(VM_DOMAIN(rv->domain));
 	vm_reserv_remove(rv);
+	rv->pages->psind = 0;
 	if (m != NULL) {
 		/*
 		 * Since the reservation is being broken, there is no harm in