The branch main has been updated by kib:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=f94bfc469df9a2bc78ed15cc42525d09e3413e0b

commit f94bfc469df9a2bc78ed15cc42525d09e3413e0b
Author:     Konstantin Belousov <[email protected]>
AuthorDate: 2025-11-22 18:43:57 +0000
Commit:     Konstantin Belousov <[email protected]>
CommitDate: 2025-12-17 03:40:31 +0000

    vm_object_coalesce(): check that coalescing does not revive stale pages
    
    Reviewed by:    alc, markj
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    Differential revision:  https://reviews.freebsd.org/D54219
---
 sys/vm/vm_object.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/sys/vm/vm_object.c b/sys/vm/vm_object.c
index 413ba5459e3d..117900135ac3 100644
--- a/sys/vm/vm_object.c
+++ b/sys/vm/vm_object.c
@@ -2244,6 +2244,23 @@ vm_object_coalesce(vm_object_t prev_object, vm_ooffset_t 
prev_offset,
        if (next_pindex + next_size > prev_object->size)
                prev_object->size = next_pindex + next_size;
 
+#ifdef INVARIANTS
+       /*
+        * Re-check: there must be no pages in the next range backed
+        * by prev_entry's object.  Otherwise, the resulting
+        * corruption is same as faulting in a non-zeroed page.
+        */
+       if (vm_check_pg_zero) {
+               vm_pindex_t pidx;
+
+               pidx = swap_pager_seek_data(prev_object, next_pindex);
+               KASSERT(pidx >= next_pindex + next_size,
+                   ("found obj %p pindex %#jx e %#jx %#jx %#jx",
+                   prev_object, pidx, (uintmax_t)prev_offset,
+                   (uintmax_t)prev_size, (uintmax_t)next_size));
+       }
+#endif
+
        VM_OBJECT_WUNLOCK(prev_object);
        return (TRUE);
 }
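Review bot: The KASSERT message in the added INVARIANTS block does not print `next_pindex`, the bound that `pidx` is compared against, and it passes `pidx` to `%#jx` without the `(uintmax_t)` cast the other arguments get. A panic from this check would have to be triaged without the start of the range that was expected to be empty; a message such as `("stale data in obj %p at pindex %#jx, range start %#jx size %#jx", prev_object, (uintmax_t)pidx, (uintmax_t)next_pindex, (uintmax_t)next_size)` names each value. The comment says "prev_entry's object" although the hunk only shows `prev_object`. It could also state that the check runs only under INVARIANTS with `vm_check_pg_zero` set, so it is a diagnostic rather than a guard; other kernels presumably rely on the range being cleaned up earlier in the function, which starts outside the hunk.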
