svn commit: r328996 - head/sys/kern
Andriy Gapon
avg at FreeBSD.org
Thu Feb 8 07:02:39 UTC 2018
On 08/02/2018 00:41, Steven Hartland wrote:
> What would be the expected behavior if this was triggered, app crash or kernel
> panic...?
To be honest, I haven't analyzed it much.
I would expect either a crash when trying to unbusy a page that is not busy
or hanging while forever waiting for a leaked page to get unbusied or hitting
some KASSERT.
> On 07/02/2018 21:52, Andriy Gapon wrote:
>> Author: avg
>> Date: Wed Feb 7 21:51:59 2018
>> New Revision: 328996
>> URL: https://svnweb.freebsd.org/changeset/base/328996
>>
>> Log:
>> exec_map_first_page: fix an inverse condition introduced in r254138
>>
>> While the bug itself was serious, as we could either pass a non-busied
>> page to vm_pager_get_pages() or leak a busy page, it could only be
>> triggered under a very rare condition where the page is already inserted
>> into the object, but it is not valid yet.
>>
>> Reviewed by: kib
>> MFC after: 2 weeks
>>
>> Modified:
>> head/sys/kern/kern_exec.c
>>
>> Modified: head/sys/kern/kern_exec.c
>> ==============================================================================
>> --- head/sys/kern/kern_exec.c Wed Feb 7 20:36:37 2018 (r328995)
>> +++ head/sys/kern/kern_exec.c Wed Feb 7 21:51:59 2018 (r328996)
>> @@ -1009,7 +1009,7 @@ exec_map_first_page(imgp)
>> if ((ma[i] = vm_page_next(ma[i - 1])) != NULL) {
>> if (ma[i]->valid)
>> break;
>> - if (vm_page_tryxbusy(ma[i]))
>> + if (!vm_page_tryxbusy(ma[i]))
>> break;
>> } else {
>> ma[i] = vm_page_alloc(object, i,
>>
>
--
Andriy Gapon
More information about the svn-src-head
mailing list