svn commit: r328996 - head/sys/kern

Wed Feb 7 22:41:33 UTC 2018

What would be the expected behavior if this was triggered, app crash or 
kernel panic...?

On 07/02/2018 21:52, Andriy Gapon wrote:
> Author: avg
> Date: Wed Feb  7 21:51:59 2018
> New Revision: 328996
> URL: https://svnweb.freebsd.org/changeset/base/328996
>
> Log:
>    exec_map_first_page: fix an inverse condition introduced in r254138
>    
>    While the bug itself was serious, as we could either pass a non-busied
>    page to vm_pager_get_pages() or leak a busy page, it could only be
>    triggered under a very rare condition where the page is already inserted
>    into the object, but it is not valid yet.
>    
>    Reviewed by:	kib
>    MFC after:	2 weeks
>
> Modified:
>    head/sys/kern/kern_exec.c
>
> Modified: head/sys/kern/kern_exec.c
> ==============================================================================
> --- head/sys/kern/kern_exec.c	Wed Feb  7 20:36:37 2018	(r328995)
> +++ head/sys/kern/kern_exec.c	Wed Feb  7 21:51:59 2018	(r328996)
> @@ -1009,7 +1009,7 @@ exec_map_first_page(imgp)
>   			if ((ma[i] = vm_page_next(ma[i - 1])) != NULL) {
>   				if (ma[i]->valid)
>   					break;
> -				if (vm_page_tryxbusy(ma[i]))
> +				if (!vm_page_tryxbusy(ma[i]))
>   					break;
>   			} else {
>   				ma[i] = vm_page_alloc(object, i,
>