svn commit: r286921 - head/sys/kern

Konstantin Belousov kib at FreeBSD.org
Wed Aug 19 11:53:33 UTC 2015


Author: kib
Date: Wed Aug 19 11:53:32 2015
New Revision: 286921
URL: https://svnweb.freebsd.org/changeset/base/286921

Log:
  fget_unlocked() depends on the freed struct file f_count field being
  zero.  The file_zone is no-free, but r284861 added trashing of the
  freed memory.  Most visible manifestations of the issue were 'memory
  modified after free' panics for the file zone, triggered from
  falloc_noinstall().
  
  Add UMA_ZONE_ZINIT flag to turn off trashing.  Mjg noted that it makes
  sense to not trash freed memory for any non-free zone, which will be
  done later.
  
  Reported and tested by:	pho
  Discussed with:	mjg
  Sponsored by:	The FreeBSD Foundation

Modified:
  head/sys/kern/kern_descrip.c

Modified: head/sys/kern/kern_descrip.c
==============================================================================
--- head/sys/kern/kern_descrip.c	Wed Aug 19 11:45:45 2015	(r286920)
+++ head/sys/kern/kern_descrip.c	Wed Aug 19 11:53:32 2015	(r286921)
@@ -3833,7 +3833,7 @@ filelistinit(void *dummy)
 {
 
 	file_zone = uma_zcreate("Files", sizeof(struct file), NULL, NULL,
-	    NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE);
+	    NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE | UMA_ZONE_ZINIT);
 	filedesc0_zone = uma_zcreate("filedesc0", sizeof(struct filedesc0),
 	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
 	mtx_init(&sigio_lock, "sigio lock", NULL, MTX_DEF);
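Review bot: The uma_zcreate("Files", ...) call in filelistinit() now passes UMA_ZONE_ZINIT with no comment saying why, and the reason is not obvious from the flag name. According to the log, the flag is there to turn off trashing of freed struct file memory because fget_unlocked() relies on a freed file's f_count being zero. Please add a short comment above the call stating that dependency, so the flag is not dropped in a later cleanup as redundant next to UMA_ZONE_NOFREE. Since the log says the same treatment is planned for every no-free zone, the comment could also note that the flag becomes removable here once that change lands.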

