Subject: Re: svn commit: r253140 - head/sys/amd64/amd64
From: Alan Cox
Date: Wed, 10 Jul 2013 07:49:18 -0700
To: Konstantin Belousov
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
In-Reply-To: <201307100924.r6A9O3Br070468@svn.freebsd.org>

On Jul 10, 2013, at 2:24 AM, Konstantin Belousov wrote:

> Author: kib
> Date: Wed Jul 10 09:24:03 2013
> New Revision: 253140
> URL: http://svnweb.freebsd.org/changeset/base/253140
>
> Log:
>   Clear m->object for the page taken from the delayed free list for
>   reuse as the pv chunk page in reclaim_pv_chunk().  Having non-NULL
>   m->object is wrong for page not owned by an object and confuses both
>   vm_page_free_toq() and vm_page_remove() when the page is freed later.
>
>   Reported and tested by: pho
>   Sponsored by: The FreeBSD Foundation
>   MFC after: 3 days
>

This problem only exists in HEAD.  Older branches don't abuse the object
field for this purpose.  They use one of the splay tree pointers that
were eliminated from HEAD with the introduction of the radix tree.  On
the other hand, the same problem must exist in HEAD's i386 pmap.  As an
aside, I think it's better to abuse the page's pageq field rather than its
object field.

> Modified: > head/sys/amd64/amd64/pmap.c >=20 > Modified: head/sys/amd64/amd64/pmap.c > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/sys/amd64/amd64/pmap.c Wed Jul 10 08:21:09 2013 = (r253139) > +++ head/sys/amd64/amd64/pmap.c Wed Jul 10 09:24:03 2013 = (r253140) > @@ -2234,6 +2234,7 @@ reclaim_pv_chunk(pmap_t locked_pmap, str > if (m_pc =3D=3D NULL && free !=3D NULL) { > m_pc =3D free; > free =3D (void *)m_pc->object; > + m_pc->object =3D NULL; > /* Recycle a freed page table page. */ > m_pc->wire_count =3D 1; > atomic_add_int(&cnt.v_wire_count, 1); >=20
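
Review bot: the added `m_pc->object = NULL;` in reclaim_pv_chunk() carries no comment, and its purpose is only recoverable from the line above it, `free = (void *)m_pc->object;`, where the object field is being used as the link of the delayed free list rather than as an owning-object pointer. Please add a one-line comment saying that the field is overloaded as the list link and must be cleared before the page is reused, or move the store under the existing "Recycle a freed page table page" comment next to the wire_count setup, so it is not later removed as a redundant store. Since the log says a stale value confuses vm_page_free_toq() and vm_page_remove(), any other code that pops a page off this list with the same cast needs the same clear.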