Fixes for dreaded assert in jemalloc page allocator AKA mmap(MAP_ANON) providing non-zeroed pages
Needs ReviewPublic
Actions

Authored by kib on Sun, Nov 23, 9:51 AM.

Details

Reviewers

alc
markj

Summary

vm_object_coalesce(): any of these conditions must prevent coalesce

When either there is more than one reference to the object, or the
object size does not exactly match the next start, or OBJ_ONEMAPPING is
not set, we cannot safely coalesce.  We might corrupt some other valid
mapping or a shadow chain doing it.

Debugging help from:    mmel


vm_object_coalesce(): simplify

Checked condition for the object size to coalesce make follow-up
re-checking of the object size redundant.  Esp., call
vm_object_page_remove() always if we coalesce.

Debugging help from:    mmel


vm_object_page_remove(): clear pager even if there is no resident pages

Swap pager might still carry the data.

Debugging help from:    mmel


vm_map_insert(): add check that coalescing does not revive stale pages

Debugging help from:    mmel

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

kib created this revision.Sun, Nov 23, 9:51 AM

Herald added a subscriber: imp. · View Herald TranscriptSun, Nov 23, 9:51 AM

kib requested review of this revision.Sun, Nov 23, 9:51 AM

kib retitled this revision from Fixes for dreaded assert in jemalloc page allocator (AKA mmap(MAP_ANON) providing non-zeroed pages) to Fixes for dreaded assert in jemalloc page allocator AKA mmap(MAP_ANON) providing non-zeroed pages.

markmi_dsl-only.net added a subscriber: markmi_dsl-only.net.Sun, Nov 23, 12:42 PM

markmi_dsl-only.net added inline comments.

sys/vm/vm_object.c
2201	Just an FYI: Between the KASSERT and the prior if we have: . . . && prev_object->size == next_pindex && . . . so the KASSERT is effectively checking next_pindex > 0 as things are here.