svn commit: r291907 - head/sys/vm

[Conrad E. Meyer]

Author: cem
Date: Sun Dec  6 17:46:12 2015
New Revision: 291907
URL: https://svnweb.freebsd.org/changeset/base/291907

Log:
  vm_fault_hold: handle vm_page_rename failure
  
  On vm_page_rename failure, fix a missing object unlock and a double free of
  a page.
  
  First remove the old page, then rename into other page into first_object,
  then free the old page.  This avoids the problem on rename failure.  This is
  a little ugly but seems to be the most straightforward solution.
  
  Tested with:
    $ sysctl debug.fail_point.uma_zalloc_arg="1%return"
    $ kyua test -k /usr/tests/sys/Kyuafile
  
  Submitted by:	Ryan Libby <rlibby at gmail.com>
  Reviewed by:	kib
  Seen by:	alc
  Sponsored by:	EMC / Isilon Storage Division
  Differential Revision:	https://reviews.freebsd.org/D4326

Modified:
  head/sys/vm/vm_fault.c

Modified: head/sys/vm/vm_fault.c
==============================================================================
--- head/sys/vm/vm_fault.c	Sun Dec  6 17:39:13 2015	(r291906)
+++ head/sys/vm/vm_fault.c	Sun Dec  6 17:46:12 2015	(r291907)
@@ -839,7 +839,7 @@ vnode_locked:
 				 * get rid of the unnecessary page
 				 */
 				vm_page_lock(fs.first_m);
-				vm_page_free(fs.first_m);
+				vm_page_remove(fs.first_m);
 				vm_page_unlock(fs.first_m);
 				/*
 				 * grab the page and put it into the 
@@ -848,9 +848,13 @@ vnode_locked:
 				 */
 				if (vm_page_rename(fs.m, fs.first_object,
 				    fs.first_pindex)) {
+					VM_OBJECT_WUNLOCK(fs.first_object);
 					unlock_and_deallocate(&fs);
 					goto RetryFault;
 				}
+				vm_page_lock(fs.first_m);
+				vm_page_free(fs.first_m);
+				vm_page_unlock(fs.first_m);
 #if VM_NRESERVLEVEL > 0
 				/*
 				 * Rename the reservation.