Date: Wed, 19 Aug 2015 11:53:33 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r286921 - head/sys/kern Message-ID: <201508191153.t7JBrXAf007667@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kib Date: Wed Aug 19 11:53:32 2015 New Revision: 286921 URL: https://svnweb.freebsd.org/changeset/base/286921 Log: fget_unlocked() depends on the freed struct file f_count field being zero. The file_zone if no-free, but r284861 added trashing of the freed memory. Most visible manifestation of the issue were 'memory modified after free' panics for the file zone, triggered from falloc_noinstall(). Add UMA_ZONE_ZINIT flag to turn off trashing. Mjg noted that it makes sense to not trash freed memory for any non-free zone, which will be done later. Reported and tested by: pho Discussed with: mjg Sponsored by: The FreeBSD Foundation Modified: head/sys/kern/kern_descrip.c Modified: head/sys/kern/kern_descrip.c ============================================================================== --- head/sys/kern/kern_descrip.c Wed Aug 19 11:45:45 2015 (r286920) +++ head/sys/kern/kern_descrip.c Wed Aug 19 11:53:32 2015 (r286921) @@ -3833,7 +3833,7 @@ filelistinit(void *dummy) { file_zone = uma_zcreate("Files", sizeof(struct file), NULL, NULL, - NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE); + NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE | UMA_ZONE_ZINIT); filedesc0_zone = uma_zcreate("filedesc0", sizeof(struct filedesc0), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); mtx_init(&sigio_lock, "sigio lock", NULL, MTX_DEF);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201508191153.t7JBrXAf007667>