Date: Wed, 10 Jul 2013 07:49:18 -0700
From: Alan Cox <alc@rice.edu>
To: Konstantin Belousov <kib@FreeBSD.org>
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r253140 - head/sys/amd64/amd64
Message-ID: <A5BF7C62-72BE-421E-9BBB-5FCD65E88206@rice.edu>
In-Reply-To: <201307100924.r6A9O3Br070468@svn.freebsd.org>
References: <201307100924.r6A9O3Br070468@svn.freebsd.org>

On Jul 10, 2013, at 2:24 AM, Konstantin Belousov wrote:

> Author: kib
> Date: Wed Jul 10 09:24:03 2013
> New Revision: 253140
> URL: http://svnweb.freebsd.org/changeset/base/253140
>
> Log:
>   Clear m->object for the page taken from the delayed free list for
>   reuse as the pv chunk page in reclaim_pv_chunk(). Having non-NULL
>   m->object is wrong for page not owned by an object and confuses both
>   vm_page_free_toq() and vm_page_remove() when the page is freed later.
>
>   Reported and tested by: pho
>   Sponsored by: The FreeBSD Foundation
>   MFC after: 3 days
>

This problem only exists in HEAD. Older branches don't abuse the object field for this purpose. They use one of the splay tree pointers that were eliminated from HEAD with the introduction of the radix tree. On the other hand, the same problem must exist in HEAD's i386 pmap. As an aside, I think it's better to abuse the page's pageq field rather than its object field.

> Modified:
>   head/sys/amd64/amd64/pmap.c
>
> Modified: head/sys/amd64/amd64/pmap.c > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/sys/amd64/amd64/pmap.c Wed Jul 10 08:21:09 2013 = (r253139) > +++ head/sys/amd64/amd64/pmap.c Wed Jul 10 09:24:03 2013 = (r253140) > @@ -2234,6 +2234,7 @@ reclaim_pv_chunk(pmap_t locked_pmap, str > if (m_pc =3D=3D NULL && free !=3D NULL) { > m_pc =3D free; > free =3D (void *)m_pc->object; > + m_pc->object =3D NULL; > /* Recycle a freed page table page. */ > m_pc->wire_count =3D 1; > atomic_add_int(&cnt.v_wire_count, 1); >=20
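
Review bot: The added "m_pc->object = NULL;" in the reclaim_pv_chunk() hunk sits above the existing "Recycle a freed page table page" comment and has no comment of its own, so nothing at this site records that the object field was doubling as the delayed free list link that the preceding "free = (void *)m_pc->object;" has just read. A one-line comment saying the link must be cleared before the page is reused would keep the pop and the clear together in later edits. The reply above also notes that the same problem must exist in HEAD's i386 pmap, so the matching change there should either land with this one or be named as a follow-up in the log.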
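
Added example, not part of the original message and not FreeBSD code: a simplified C model of the bug described in the commit log, where a page's object field is reused as a free-list link and left stale after the page is popped for reuse. The names struct page, free_list_push, free_list_pop, page_free_check and demo are hypothetical, and the model also shows that the stale pointer is only visible when more than one page is on the list.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for vm_page: only the fields this model needs. */
struct page {
    void *object;     /* owning object, or NULL when the page is unowned */
    int   wire_count;
};

/* Push onto a delayed free list, reusing `object` as the list link. */
static void free_list_push(struct page **head, struct page *m)
{
    m->object = *head;
    *head = m;
}

/* Pop a page for reuse. clear_link == 0 models the code before the fix. */
static struct page *free_list_pop(struct page **head, int clear_link)
{
    struct page *m = *head;
    if (m == NULL)
        return NULL;
    *head = (struct page *)m->object;
    if (clear_link)
        m->object = NULL;   /* the one-line fix from the patch */
    m->wire_count = 1;
    return m;
}

/* Model of a later free path: 0 if the page looks unowned, -1 if a stale
 * non-NULL object would send it down the "remove from object" path. */
static int page_free_check(const struct page *m)
{
    return m->object == NULL ? 0 : -1;
}

/* Queue npages (1..4) pages, pop one, report what the free path would see. */
static int demo(int npages, int clear_link)
{
    struct page pages[4] = {{0}};
    struct page *head = NULL;
    for (int i = 0; i < npages && i < 4; i++)
        free_list_push(&head, &pages[i]);
    return page_free_check(free_list_pop(&head, clear_link));
}

int main(void)
{
    printf("%d %d %d\n", demo(2, 0), demo(2, 1), demo(1, 0));
    return 0;
}
```

With a single queued page the link is already NULL, so the unfixed pop looks correct in this model; the stale pointer appears only when another page sits behind it on the list.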