svn commit: r360122 - head/sys/vm
Mark Johnston
markj at FreeBSD.org
Mon Apr 20 14:45:18 UTC 2020
Author: markj
Date: Mon Apr 20 14:45:17 2020
New Revision: 360122
URL: https://svnweb.freebsd.org/changeset/base/360122
Log:
Handle trashed queue pointers in vm_page_acquire_unlocked().
vm_page_acquire_unlocked() relies on type-stability of vm_page
structures and assumes that the listq linkage pointers always point to a
vm_page or are NULL. QUEUE_MACRO_DEBUG_TRASH breaks that assumption, so
add an explicit check for a trashed queue pointer before dereferencing.
Reported and tested by: pho
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D24472
Modified:
head/sys/vm/vm_page.c
Modified: head/sys/vm/vm_page.c
==============================================================================
--- head/sys/vm/vm_page.c Mon Apr 20 14:24:13 2020 (r360121)
+++ head/sys/vm/vm_page.c Mon Apr 20 14:45:17 2020 (r360122)
@@ -4438,7 +4438,7 @@ vm_page_acquire_unlocked(vm_object_t object, vm_pindex
* without barriers. Switch to radix to verify.
*/
if (prev == NULL || (m = TAILQ_NEXT(prev, listq)) == NULL ||
- m->pindex != pindex ||
+ QMD_IS_TRASHED(m) || m->pindex != pindex ||
atomic_load_ptr(&m->object) != object) {
prev = NULL;
/*
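Review bot: the added `QMD_IS_TRASHED(m) ||` test on the condition line is not explained anywhere in the visible code; the comment just above the `if` still only mentions the lack of barriers. Consider extending that comment to say that the pointer read via `TAILQ_NEXT(prev, listq)` may be a trash value when QUEUE_MACRO_DEBUG_TRASH is enabled, and that this test must stay ahead of `m->pindex != pindex` because that is the first dereference of `m`. Without that, a later cleanup could reorder or drop the check and reintroduce the dereference of a trashed pointer on this lockless path.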