svn commit: r360122 - head/sys/vm
Conrad Meyer
cem at freebsd.org
Mon Apr 20 18:23:41 UTC 2020
Thanks!
On Mon, Apr 20, 2020 at 7:45 AM Mark Johnston <markj at freebsd.org> wrote:
>
> Author: markj
> Date: Mon Apr 20 14:45:17 2020
> New Revision: 360122
> URL: https://svnweb.freebsd.org/changeset/base/360122
>
> Log:
> Handle trashed queue pointers in vm_page_acquire_unlocked().
>
> vm_page_acquire_unlocked() relies on type-stability of vm_page
> structures and assumes that the listq linkage pointers always point to a
> vm_page or are NULL. QUEUE_MACRO_DEBUG_TRASH breaks that assumption, so
> add an explicit check for a trashed queue pointer before dereferencing.
>
> Reported and tested by: pho
> Reviewed by: kib
> Sponsored by: The FreeBSD Foundation
> Differential Revision: https://reviews.freebsd.org/D24472
>
> Modified:
> head/sys/vm/vm_page.c
>
> Modified: head/sys/vm/vm_page.c
> ==============================================================================
> --- head/sys/vm/vm_page.c Mon Apr 20 14:24:13 2020 (r360121)
> +++ head/sys/vm/vm_page.c Mon Apr 20 14:45:17 2020 (r360122)
> @@ -4438,7 +4438,7 @@ vm_page_acquire_unlocked(vm_object_t object, vm_pindex
> * without barriers. Switch to radix to verify.
> */
> if (prev == NULL || (m = TAILQ_NEXT(prev, listq)) == NULL ||
> - m->pindex != pindex ||
> + QMD_IS_TRASHED(m) || m->pindex != pindex ||
> atomic_load_ptr(&m->object) != object) {
> prev = NULL;
> /*
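Review bot: on the `QMD_IS_TRASHED(m) || m->pindex != pindex ||` line, safety depends entirely on clause order, since the trash test has to short-circuit before `m->pindex` and `&m->object` are touched, yet the comment above the `if` still only covers the missing barriers. Consider adding a sentence to that comment stating that with QUEUE_MACRO_DEBUG_TRASH the listq next pointer can hold a trash value instead of a vm_page or NULL, and that this check must stay ahead of any dereference of `m`. Without it, the reason is recorded only in the commit log, and a later reshuffle of the condition could silently reintroduce the bad dereference.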