Thanks!
On Mon, Apr 20, 2020 at 7:45 AM Mark Johnston <ma...@freebsd.org> wrote: > > Author: markj > Date: Mon Apr 20 14:45:17 2020 > New Revision: 360122 > URL: https://svnweb.freebsd.org/changeset/base/360122 > > Log: > Handle trashed queue pointers in vm_page_acquire_unlocked(). > > vm_page_acquire_unlocked() relies on type-stability of vm_page > structures and assumes that the listq linkage pointers always point to a > vm_page or are NULL. QUEUE_MACRO_DEBUG_TRASH breaks that assumption, so > add an explicit check for a trashed queue pointer before dereferencing. > > Reported and tested by: pho > Reviewed by: kib > Sponsored by: The FreeBSD Foundation > Differential Revision: https://reviews.freebsd.org/D24472 > > Modified: > head/sys/vm/vm_page.c > > Modified: head/sys/vm/vm_page.c > ============================================================================== > --- head/sys/vm/vm_page.c Mon Apr 20 14:24:13 2020 (r360121) > +++ head/sys/vm/vm_page.c Mon Apr 20 14:45:17 2020 (r360122) > @@ -4438,7 +4438,7 @@ vm_page_acquire_unlocked(vm_object_t object, vm_pindex > * without barriers. Switch to radix to verify. > */ > if (prev == NULL || (m = TAILQ_NEXT(prev, listq)) == NULL || > - m->pindex != pindex || > + QMD_IS_TRASHED(m) || m->pindex != pindex || > atomic_load_ptr(&m->object) != object) { > prev = NULL; > /*
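Review bot: the new QMD_IS_TRASHED(m) test in the vm_page_acquire_unlocked() condition is order-dependent and the code does not say so. It protects the m->pindex read and the atomic_load_ptr(&m->object) read only because it sits before them in the || chain, so a later reordering of the condition would silently bring back the dereference of a trashed listq pointer. The comment block above the condition (ending "Switch to radix to verify.") still describes only the unlocked, barrier-free read, so I would extend it with one sentence stating that with QUEUE_MACRO_DEBUG_TRASH the value returned by TAILQ_NEXT(prev, listq) may be neither NULL nor a vm_page, and that the trashed check must therefore come before any access through m.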