Close races in vm object chain traversal for unlock
ClosedPublic
Actions

Authored by rlibby on Feb 25 2021, 6:32 PM.

Details

Reviewers

bdrewery
kib
markj
vangyzen

Commits

rGd7671ad8d6eb: Close races in vm object chain traversal for unlock

Summary

We were unlocking the vm object before reading the backing_object field.
In the meantime, the object could be freed and reused. This could cause
us to go off the rails in the object chain traversal, failing to unlock
the rest of the objects in the original chain and corrupting the lock
state of the victim chain.

MFC after: 3 days
Sponsored by: Dell EMC Isilon

Test Plan

procstat -av

mount -t procfs proc /proc
cat /proc/*/map

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 37376
Build 34265: arc lint + arc unit

Event Timeline

rlibby created this revision.Feb 25 2021, 6:32 PM

Herald added a subscriber: imp. · View Herald TranscriptFeb 25 2021, 6:32 PM

rlibby requested review of this revision.Feb 25 2021, 6:32 PM

Harbormaster completed remote builds in B37376: Diff 84694.Feb 25 2021, 6:33 PM

bdrewery accepted this revision.Feb 25 2021, 6:37 PM

This revision is now accepted and ready to land.Feb 25 2021, 6:37 PM

This can be done without introducing another object pointer (nobj) by resetting lobj and following the pattern elsewhere, but I found the approach with nobj to be more readable.