d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

md: Fix a race in mdstart_swap()

Browse Source 
Release a grabbed page's busy state only after marking it as referenced.
Otherwise there exists a narrow window where the page could be freed
before the update.  Before r356902 this was not a problem since the
object lock was held.

Discussed with:	kib
Sponsored by:	The FreeBSD Foundation
This commit is contained in:
Mark Johnston 2021-01-04 08:21:57 -05:00
parent ea70ab2387
commit c4cceb1d0d
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sys/dev/md/md.c
View File

@ -1146,8 +1146,6 @@ mdstart_swap(struct md_s *sc, struct bio *bp)
VM_OBJECT_WUNLOCK(sc->object);
}
if (m != NULL) {
vm_page_xunbusy(m);
/*
* The page may be deactivated prior to setting
* PGA_REFERENCED, but in this case it will be
@ -1157,6 +1155,7 @@ mdstart_swap(struct md_s *sc, struct bio *bp)
vm_page_reference(m);
else
vm_page_activate(m);
vm_page_xunbusy(m);
}
/* Actions on further pages start at offset 0 */