Date: Sun, 6 Dec 2015 17:46:12 +0000 (UTC) From: "Conrad E. Meyer" <cem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r291907 - head/sys/vm Message-ID: <201512061746.tB6HkCWb072736@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cem Date: Sun Dec 6 17:46:12 2015 New Revision: 291907 URL: https://svnweb.freebsd.org/changeset/base/291907 Log: vm_fault_hold: handle vm_page_rename failure On vm_page_rename failure, fix a missing object unlock and a double free of a page. First remove the old page, then rename into other page into first_object, then free the old page. This avoids the problem on rename failure. This is a little ugly but seems to be the most straightforward solution. Tested with: $ sysctl debug.fail_point.uma_zalloc_arg="1%return" $ kyua test -k /usr/tests/sys/Kyuafile Submitted by: Ryan Libby <rlibby@gmail.com> Reviewed by: kib Seen by: alc Sponsored by: EMC / Isilon Storage Division Differential Revision: https://reviews.freebsd.org/D4326 Modified: head/sys/vm/vm_fault.c Modified: head/sys/vm/vm_fault.c ============================================================================== --- head/sys/vm/vm_fault.c Sun Dec 6 17:39:13 2015 (r291906) +++ head/sys/vm/vm_fault.c Sun Dec 6 17:46:12 2015 (r291907) @@ -839,7 +839,7 @@ vnode_locked: * get rid of the unnecessary page */ vm_page_lock(fs.first_m); - vm_page_free(fs.first_m); + vm_page_remove(fs.first_m); vm_page_unlock(fs.first_m); /* * grab the page and put it into the @@ -848,9 +848,13 @@ vnode_locked: */ if (vm_page_rename(fs.m, fs.first_object, fs.first_pindex)) { + VM_OBJECT_WUNLOCK(fs.first_object); unlock_and_deallocate(&fs); goto RetryFault; } + vm_page_lock(fs.first_m); + vm_page_free(fs.first_m); + vm_page_unlock(fs.first_m); #if VM_NRESERVLEVEL > 0 /* * Rename the reservation.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201512061746.tB6HkCWb072736>