Page MenuHomeFreeBSD
Differential D24472

Handle trashed queue pointers in vm_page_acquire_unlocked().
ClosedPublic
Actions

Authored by markj on Apr 17 2020, 5:15 PM.
Tags
None
Referenced Files
F140501992: D24472.id54425.diff
Wed, Dec 24, 5:08 PM
F140485753: D24472.diff
Wed, Dec 24, 12:41 PM
Unknown Object (File)
Tue, Dec 23, 1:33 PM
Unknown Object (File)
Mon, Dec 8, 12:15 AM
Unknown Object (File)
Thu, Nov 27, 7:23 AM
Unknown Object (File)
Tue, Nov 25, 4:32 PM
Unknown Object (File)
Nov 21 2025, 12:53 AM
Unknown Object (File)
Nov 21 2025, 12:52 AM
View All 99 Files
Subscribers
imp

Details

Reviewers
kib
alc
jeff
Commits
rS360122: Handle trashed queue pointers in vm_page_acquire_unlocked().
Summary

vm_page_acquire_unlocked() relies heavily on type-stability of vm_page
structures, and assumes that the listq linkage pointers always point to
a vm_page or are NULL. QUEUE_MACRO_DEBUG_TRASH breaks that assumption.

Reported by: pho

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.Apr 17 2020, 5:15 PM
Harbormaster completed remote builds in B30562: Diff 70701.Apr 17 2020, 5:15 PM
markj edited the summary of this revision. (Show Details)Apr 17 2020, 5:18 PM
markj added reviewers: kib, alc, jeff.
kib accepted this revision.Apr 17 2020, 11:49 PM

Isn't it too fragile still ? What if prev->q reused for something yet again ?

This revision is now accepted and ready to land.Apr 17 2020, 11:49 PM
markj added a comment.Apr 17 2020, 11:55 PM
In D24472#538433, @kib wrote:

Isn't it too fragile still ? What if prev->q reused for something yet again ?

That is handled by the subsequent checks, if I understood your question correctly.

kib added a comment.Apr 18 2020, 2:01 AM
In D24472#538438, @markj wrote:
In D24472#538433, @kib wrote:

Isn't it too fragile still ? What if prev->q reused for something yet again ?

That is handled by the subsequent checks, if I understood your question correctly.

I mean that there were attempts to reuse m->q for pages not in the object queue, and there probably would be more. I believe it is somewhat mitigated by the requirement that prev is either busy or wired, this is why I agreed with the proposed patch.

Closed by commit rS360122: Handle trashed queue pointers in vm_page_acquire_unlocked(). (authored by markj). · Explain WhyApr 20 2020, 2:45 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rS360122: Handle trashed queue pointers in vm_page_acquire_unlocked()..
Herald added a subscriber: imp. · View Herald TranscriptApr 20 2020, 2:45 PM

Revision Contents
Changeset List

PathSize
head/
sys/
vm/
2 lines

Diff 70805

View Options

head/sys/vm/vm_page.c

Loading...