The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=c4cceb1d0d6f59789524feab3ddf7e3110d10d75
commit c4cceb1d0d6f59789524feab3ddf7e3110d10d75 Author: Mark Johnston <ma...@freebsd.org> AuthorDate: 2021-01-04 13:21:57 +0000 Commit: Mark Johnston <ma...@freebsd.org> CommitDate: 2021-01-04 13:26:14 +0000 md: Fix a race in mdstart_swap() Release a grabbed page's busy state only after marking it as referenced. Otherwise there exists a narrow window where the page could be freed before the update. Before r356902 this was not a problem since the object lock was held. Discussed with: kib Sponsored by: The FreeBSD Foundation --- sys/dev/md/md.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sys/dev/md/md.c b/sys/dev/md/md.c index 1b4b583b3c09..5c2cb2f25d2e 100644 --- a/sys/dev/md/md.c +++ b/sys/dev/md/md.c @@ -1146,8 +1146,6 @@ mdstart_swap(struct md_s *sc, struct bio *bp) VM_OBJECT_WUNLOCK(sc->object); } if (m != NULL) { - vm_page_xunbusy(m); - /* * The page may be deactivated prior to setting * PGA_REFERENCED, but in this case it will be @@ -1157,6 +1155,7 @@ mdstart_swap(struct md_s *sc, struct bio *bp) vm_page_reference(m); else vm_page_activate(m); + vm_page_xunbusy(m); } /* Actions on further pages start at offset 0 */ _______________________________________________ dev-commits-src-main@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/dev-commits-src-main To unsubscribe, send any mail to "dev-commits-src-main-unsubscr...@freebsd.org"
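Review bot: the comment kept as context in the first hunk ("The page may be deactivated prior to setting PGA_REFERENCED, but in this case it will be ...") sat directly under the removed vm_page_xunbusy(m) and is left untouched. Now that the page stays busy until after vm_page_reference()/vm_page_activate(), please check whether that comment still describes a case that can happen, and reword or drop it if it does not.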
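Review bot: the vm_page_xunbusy(m) added after the vm_page_reference()/vm_page_activate() branch in the second hunk has no comment saying that its position is required. The commit message explains that the page could be freed in the window between the unbusy and the update, but nothing in md.c records this, so a later cleanup could move the call back above the branch. A one-line comment above the call would be enough, for example "/* Keep the page busy until it is marked referenced so it cannot be freed first. */".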