Page MenuHomeFreeBSD
Differential D24472

Handle trashed queue pointers in vm_page_acquire_unlocked().
ClosedPublic
Actions

Authored by markj on Apr 17 2020, 5:15 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Nov 21, 1:14 PM
Unknown Object (File)
Oct 19 2024, 10:37 AM
Unknown Object (File)
Oct 6 2024, 11:12 PM
Unknown Object (File)
Oct 4 2024, 10:56 PM
Unknown Object (File)
Oct 4 2024, 2:36 PM
Unknown Object (File)
Oct 4 2024, 8:39 AM
Unknown Object (File)
Oct 4 2024, 4:19 AM
Unknown Object (File)
Oct 4 2024, 12:28 AM
View All 47 Files
Subscribers
imp

Details

Reviewers
kib
alc
jeff
Commits
rS360122: Handle trashed queue pointers in vm_page_acquire_unlocked().
Summary

vm_page_acquire_unlocked() relies heavily on type-stability of vm_page
structures, and assumes that the listq linkage pointers always point to
a vm_page or are NULL. QUEUE_MACRO_DEBUG_TRASH breaks that assumption.

Reported by: pho

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.Apr 17 2020, 5:15 PM
Harbormaster completed remote builds in B30562: Diff 70701.Apr 17 2020, 5:15 PM
markj edited the summary of this revision. (Show Details)Apr 17 2020, 5:18 PM
markj added reviewers: kib, alc, jeff.
kib accepted this revision.Apr 17 2020, 11:49 PM

Isn't it too fragile still ? What if prev->q reused for something yet again ?

This revision is now accepted and ready to land.Apr 17 2020, 11:49 PM
markj added a comment.Apr 17 2020, 11:55 PM
In D24472#538433, @kib wrote:

Isn't it too fragile still ? What if prev->q reused for something yet again ?

That is handled by the subsequent checks, if I understood your question correctly.

kib added a comment.Apr 18 2020, 2:01 AM
In D24472#538438, @markj wrote:
In D24472#538433, @kib wrote:

Isn't it too fragile still ? What if prev->q reused for something yet again ?

That is handled by the subsequent checks, if I understood your question correctly.

I mean that there were attempts to reuse m->q for pages not in the object queue, and there probably would be more. I believe it is somewhat mitigated by the requirement that prev is either busy or wired, this is why I agreed with the proposed patch.

Closed by commit rS360122: Handle trashed queue pointers in vm_page_acquire_unlocked(). (authored by markj). · Explain WhyApr 20 2020, 2:45 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rS360122: Handle trashed queue pointers in vm_page_acquire_unlocked()..
Herald added a subscriber: imp. · View Herald TranscriptApr 20 2020, 2:45 PM

Revision Contents
Changeset List

PathSize
head/
sys/
vm/
2 lines

Diff 70805

View Options

head/sys/vm/vm_page.c

Loading...