Page MenuHomeFreeBSD
Differential D24472

Handle trashed queue pointers in vm_page_acquire_unlocked().
ClosedPublic
Actions

Authored by markj on Apr 17 2020, 5:15 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Apr 14, 11:37 AM
Unknown Object (File)
Mon, Apr 14, 3:59 AM
Unknown Object (File)
Mon, Apr 14, 12:38 AM
Unknown Object (File)
Mon, Apr 14, 12:32 AM
Unknown Object (File)
Feb 20 2025, 2:35 PM
Unknown Object (File)
Jan 27 2025, 5:14 AM
Unknown Object (File)
Jan 25 2025, 3:20 PM
Unknown Object (File)
Jan 10 2025, 10:31 PM
View All 56 Files
Subscribers
imp

Details

Reviewers
kib
alc
jeff
Commits
rS360122: Handle trashed queue pointers in vm_page_acquire_unlocked().
Summary

vm_page_acquire_unlocked() relies heavily on type-stability of vm_page
structures, and assumes that the listq linkage pointers always point to
a vm_page or are NULL. QUEUE_MACRO_DEBUG_TRASH breaks that assumption.

Reported by: pho

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 30562
Build 28307: arc lint + arc unit

Event Timeline

markj created this revision.Apr 17 2020, 5:15 PM
Harbormaster completed remote builds in B30562: Diff 70701.Apr 17 2020, 5:15 PM
markj edited the summary of this revision. (Show Details)Apr 17 2020, 5:18 PM
markj added reviewers: kib, alc, jeff.
kib accepted this revision.Apr 17 2020, 11:49 PM

Isn't it too fragile still ? What if prev->q reused for something yet again ?

This revision is now accepted and ready to land.Apr 17 2020, 11:49 PM
markj added a comment.Apr 17 2020, 11:55 PM
In D24472#538433, @kib wrote:

Isn't it too fragile still ? What if prev->q reused for something yet again ?

That is handled by the subsequent checks, if I understood your question correctly.

kib added a comment.Apr 18 2020, 2:01 AM
In D24472#538438, @markj wrote:
In D24472#538433, @kib wrote:

Isn't it too fragile still ? What if prev->q reused for something yet again ?

That is handled by the subsequent checks, if I understood your question correctly.

I mean that there were attempts to reuse m->q for pages not in the object queue, and there probably would be more. I believe it is somewhat mitigated by the requirement that prev is either busy or wired, this is why I agreed with the proposed patch.

Closed by commit rS360122: Handle trashed queue pointers in vm_page_acquire_unlocked(). (authored by markj). · Explain WhyApr 20 2020, 2:45 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rS360122: Handle trashed queue pointers in vm_page_acquire_unlocked()..
Herald added a subscriber: imp. · View Herald TranscriptApr 20 2020, 2:45 PM

Revision Contents
Changeset List

PathSize
sys/
vm/
2 lines

Diff 70701

View Options

sys/vm/vm_page.c

Loading...