freebsd-src/sys/vm
Kenneth D. Merry 43ab9660c5 Fix a bug in the device pager code that can trigger an assertion
in devfs if a particular race condition is hit in the device pager
code.

This was a side effect of change 227530 which changed the device
pager interface to call a new destructor routine for the cdev.
That destructor routine, old_dev_pager_dtor(), takes a VM object
handle.

The object handle is cast to a struct cdev *, and passed into
dev_rel().

That works in most cases, except the case in cdev_pager_allocate()
where there is a race condition between two threads allocating an
object backed by the same device.  The loser of the race
deallocates its object at the end of the function.

The problem is that before inserting the object into the
dev_pager_object_list, the object's handle is changed from the
struct cdev pointer to the object's own address.  This is to avoid
conflicts with the winner of the race, which already inserted an
object in the list with a handle that is a pointer to the same cdev
structure.

The object is then passed to vm_object_deallocate(), and eventually
makes its way down to old_dev_pager_dtor().  That function passes
the handle pointer (which is actually a VM object, not a struct
cdev as usual) into dev_rel().  dev_rel() decrements the reference
count in the assumed struct cdev (which happens to be 0), and
that triggers the assertion in dev_rel() that the reference count
is greater than or equal to 0.

The fix is to add a cdev pointer to the VM object, and use that
pointer when calling the cdev_pg_dtor() routine.

vm_object.h:	Add a struct cdev pointer to the VM object
		structure.

device_pager.c:	In cdev_pager_allocate(), populate the new cdev
		pointer.

		In dev_pager_dealloc(), use the new cdev pointer
		when calling the object's cdev_pg_dtor() routine.

Reviewed by:	kib
Sponsored by:	Spectra Logic Corporation
MFC after:	1 week
2013-01-09 16:48:38 +00:00
default_pager.c
device_pager.c Fix a bug in the device pager code that can trigger an assertion 2013-01-09 16:48:38 +00:00
memguard.c Fix a bug with memguard(9) on 32-bit architectures without a 2012-07-15 20:29:48 +00:00
memguard.h Fix a bug with memguard(9) on 32-bit architectures without a 2012-07-15 20:29:48 +00:00
phys_pager.c
pmap.h The page flag PGA_WRITEABLE is set and cleared exclusively by the pmap 2012-06-16 18:56:19 +00:00
redzone.c Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs. 2011-11-07 15:43:11 +00:00
redzone.h
sg_pager.c Move the declaration of vm_phys_paddr_to_vm_page() from vm/vm_page.h 2012-11-16 05:55:56 +00:00
swap_pager.c - Don't pass geom and provider names as format strings. 2012-11-20 12:32:18 +00:00
swap_pager.h Implement the linprocfs swaps file, providing information about the 2011-08-01 19:12:15 +00:00
uma.h White-space cleanups. 2012-12-08 09:23:05 +00:00
uma_core.c Implemented uma_zone_set_warning(9) function that sets a warning, which 2012-12-07 22:27:13 +00:00
uma_dbg.c
uma_dbg.h
uma_int.h Comment fix: there is no ub_ptr, instead explain meaning of uz_count 2012-12-21 10:09:45 +00:00
vm.h - Fix locked memory accounting for maps with MAP_WIREFUTURE flag. 2012-12-18 07:35:01 +00:00
vm_extern.h Eliminate vm_phys_bootstrap_alloc(). It was a failed attempt at 2011-10-30 05:06:14 +00:00
vm_fault.c In the past four years, we've added two new vm object types. Each time, 2012-12-09 00:32:38 +00:00
vm_glue.c Move the corresponding MTX_SYSINIT() next to their struct mtx declaration 2012-10-26 17:31:35 +00:00
vm_init.c
vm_kern.c Flip the semantic of M_NOWAIT to only require the allocation to not 2012-11-14 20:01:40 +00:00
vm_kern.h
vm_map.c - Fix locked memory accounting for maps with MAP_WIREFUTURE flag. 2012-12-18 07:35:01 +00:00
vm_map.h Fix a bug with memguard(9) on 32-bit architectures without a 2012-07-15 20:29:48 +00:00
vm_meter.c In the past four years, we've added two new vm object types. Each time, 2012-12-09 00:32:38 +00:00
vm_mmap.c - Fix locked memory accounting for maps with MAP_WIREFUTURE flag. 2012-12-18 07:35:01 +00:00
vm_object.c In the past four years, we've added two new vm object types. Each time, 2012-12-09 00:32:38 +00:00
vm_object.h Fix a bug in the device pager code that can trigger an assertion 2013-01-09 16:48:38 +00:00
vm_page.c In the past four years, we've added two new vm object types. Each time, 2012-12-09 00:32:38 +00:00
vm_page.h Update a comment to reflect the elimination of the hold queue in r242300. 2012-11-17 04:00:19 +00:00
vm_pageout.c In the past four years, we've added two new vm object types. Each time, 2012-12-09 00:32:38 +00:00
vm_pageout.h Move what remains of vm/vm_contig.c into vm/vm_pageout.c, where similar 2012-07-18 05:21:34 +00:00
vm_pager.c vm_pager_object_lookup: small performance optimization 2012-05-23 12:51:49 +00:00
vm_pager.h Add new pager type, OBJT_MGTDEVICE. It provides the device pager 2012-05-12 20:49:58 +00:00
vm_param.h
vm_phys.c Add a facility to register a range of physical addresses to be used 2012-05-12 20:42:56 +00:00
vm_phys.h Move the declaration of vm_phys_paddr_to_vm_page() from vm/vm_page.h 2012-11-16 05:55:56 +00:00
vm_reserv.c Correct an off-by-one error in vm_reserv_alloc_contig() that resulted in 2012-07-15 21:46:19 +00:00
vm_reserv.h Introduce vm_reserv_alloc_contig() and teach vm_page_alloc_contig() how to 2011-12-05 18:29:25 +00:00
vm_unix.c - Fix locked memory accounting for maps with MAP_WIREFUTURE flag. 2012-12-18 07:35:01 +00:00
vm_zeroidle.c
vnode_pager.c The r241025 fixed the case when a binary, executed from nullfs mount, 2012-11-02 13:56:36 +00:00
vnode_pager.h Account the writeable shared mappings backed by file in the vnode 2012-02-23 21:07:16 +00:00