Date: Tue, 14 Jun 2022 22:19:23 GMT From: Mark Johnston <markj@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: d0443e2b9832 - main - vm_fault: Fix a racy copy of page valid bits Message-ID: <202206142219.25EMJNcE084786@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=d0443e2b9832f01319bcaaece8102d998bf81f01 commit d0443e2b9832f01319bcaaece8102d998bf81f01 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2022-06-14 20:36:54 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2022-06-14 22:18:09 +0000 vm_fault: Fix a racy copy of page valid bits We do not hold the object lock or a page busy lock when copying src_m's validity state. Prior to commit 45d72c7d7fca we marked dst_m as fully valid. Use the source object's read lock to ensure that valid bits are not concurrently cleared. Reviewed by: alc, kib Fixes: 45d72c7d7fca ("vm_fault_copy_entry: accept invalid source pages.") MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D35471 --- sys/vm/vm_fault.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c index cfdd39de3ac2..3aca14777830 100644 --- a/sys/vm/vm_fault.c +++ b/sys/vm/vm_fault.c @@ -2099,8 +2099,15 @@ again: goto again; } pmap_copy_page(src_m, dst_m); - VM_OBJECT_RUNLOCK(object); + + /* + * The object lock does not guarantee that "src_m" will + * transition from invalid to valid, but it does ensure + * that "src_m" will not transition from valid to + * invalid. + */ dst_m->dirty = dst_m->valid = src_m->valid; + VM_OBJECT_RUNLOCK(object); } else { dst_m = src_m; if (vm_page_busy_acquire(dst_m, VM_ALLOC_WAITFAIL) == 0)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202206142219.25EMJNcE084786>