CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	Mark Johnston <markj@FreeBSD.org>
	Wed, 6 Nov 2019 16:59:16 +0000 (16:59 +0000)
committer	Mark Johnston <markj@FreeBSD.org>
	Wed, 6 Nov 2019 16:59:16 +0000 (16:59 +0000)
commit	be801aaaef2caa6b9ea552e1b2f47a4ccd5aef59
tree	cd463b7599f18065a939b80e4f52eed7e3d0cb9c	tree \| snapshot
parent	e3a90f49ad239f33c6a6448bc16c711615539939	commit \| diff

Fix a race in release_page().

Since r354156 we may call release_page() without the page's object lock
held, specifically following the page copy during a CoW fault.
release_page() must therefore unbusy the page only after scheduling the
requeue, to avoid racing with a free of the page. Previously, the
object lock prevented this race from occurring.

Add some assertions that were helpful in tracking this down.

Reported by: pho, syzkaller
Tested by: pho
Reviewed by: alc, jeff, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D22234

sys/vm/vm_fault.c		diff \| blob \| history
sys/vm/vm_page.c		diff \| blob \| history