1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
|
From 18b1b1acf3cd85050c5305831f5cb6ff678273f9 Mon Sep 17 00:00:00 2001
From: Justus Winter <4winter@informatik.uni-hamburg.de>
Date: Sun, 16 Aug 2015 12:54:41 +0200
Subject: [PATCH gnumach 01/12] vm: fix locking issues
* vm/vm_map.c (vm_map_submap): Properly lock object.
* vm/vm_object.c (_vm_object_setup): Likewise.
(vm_object_allocate): Likewise.
(vm_object_enter): Likewise.
---
vm/vm_map.c | 24 ++++++++++++++----------
vm/vm_object.c | 44 ++++++++++++++++++++++++++++++++------------
2 files changed, 46 insertions(+), 22 deletions(-)
diff --git a/vm/vm_map.c b/vm/vm_map.c
index ae3ce21..a26eaff 100644
--- a/vm/vm_map.c
+++ b/vm/vm_map.c
@@ -1182,16 +1182,20 @@ kern_return_t vm_map_submap(
if ((entry->vme_start == start) && (entry->vme_end == end) &&
(!entry->is_sub_map) &&
- ((object = entry->object.vm_object) == vm_submap_object) &&
- (object->resident_page_count == 0) &&
- (object->copy == VM_OBJECT_NULL) &&
- (object->shadow == VM_OBJECT_NULL) &&
- (!object->pager_created)) {
- entry->object.vm_object = VM_OBJECT_NULL;
- vm_object_deallocate(object);
- entry->is_sub_map = TRUE;
- vm_map_reference(entry->object.sub_map = submap);
- result = KERN_SUCCESS;
+ ((object = entry->object.vm_object) == vm_submap_object)) {
+ vm_object_lock(object);
+ if ((object->resident_page_count == 0) &&
+ (object->copy == VM_OBJECT_NULL) &&
+ (object->shadow == VM_OBJECT_NULL) &&
+ (!object->pager_created)) {
+ vm_object_unlock(object);
+ entry->object.vm_object = VM_OBJECT_NULL;
+ vm_object_deallocate(object);
+ entry->is_sub_map = TRUE;
+ vm_map_reference(entry->object.sub_map = submap);
+ result = KERN_SUCCESS;
+ } else
+ vm_object_unlock(object);
}
vm_map_unlock(map);
diff --git a/vm/vm_object.c b/vm/vm_object.c
index deac0c2..94fa48f 100644
--- a/vm/vm_object.c
+++ b/vm/vm_object.c
@@ -217,9 +217,11 @@ static void _vm_object_setup(
vm_size_t size)
{
*object = vm_object_template;
- queue_init(&object->memq);
vm_object_lock_init(object);
+ vm_object_lock(object);
+ queue_init(&object->memq);
object->size = size;
+ vm_object_unlock(object);
}
vm_object_t _vm_object_allocate(
@@ -244,8 +246,11 @@ vm_object_t vm_object_allocate(
port = ipc_port_alloc_kernel();
if (port == IP_NULL)
panic("vm_object_allocate");
+
+ vm_object_lock(object);
object->pager_name = port;
ipc_kobject_set(port, (ipc_kobject_t) object, IKOT_PAGING_NAME);
+ vm_object_unlock(object);
return object;
}
@@ -2053,8 +2058,10 @@ restart:
object = (po == IKOT_PAGER) ? (vm_object_t) pager->ip_kobject
: VM_OBJECT_NULL;
- if ((object != VM_OBJECT_NULL) && !must_init) {
+ if (object != VM_OBJECT_NULL)
vm_object_lock(object);
+
+ if ((object != VM_OBJECT_NULL) && !must_init) {
if (object->ref_count == 0) {
queue_remove(&vm_object_cached_list, object,
vm_object_t, cached_list);
@@ -2062,10 +2069,9 @@ restart:
vm_object_cached_pages_update(-object->resident_page_count);
}
object->ref_count++;
- vm_object_unlock(object);
-
vm_stat.hits++;
}
+
assert((object == VM_OBJECT_NULL) || (object->ref_count > 0) ||
((object->paging_in_progress != 0) && internal));
@@ -2085,6 +2091,10 @@ restart:
return(object);
if (must_init) {
+ vm_size_t pager_size;
+ memory_object_control_t pager_request;
+ memory_object_name_t pager_name;
+
/*
* Copy the naked send right we were given.
*/
@@ -2112,6 +2122,11 @@ restart:
* Let the pager know we're using it.
*/
+ /* Store attributes while we're holding the lock. */
+ pager_size = object->size;
+ pager_request = object->pager_request;
+ pager_name = object->pager_name;
+
if (internal) {
/* acquire a naked send right for the DMM */
ipc_port_t DMM = memory_manager_default_reference();
@@ -2123,12 +2138,15 @@ restart:
/* default-pager objects are ready immediately */
object->pager_ready = TRUE;
+ /* Unlock object across call to memory manager. */
+ vm_object_unlock(object);
+
/* consumes the naked send right for DMM */
(void) memory_object_create(DMM,
pager,
- object->size,
- object->pager_request,
- object->pager_name,
+ pager_size,
+ pager_request,
+ pager_name,
PAGE_SIZE);
} else {
/* the object is external and not temporary */
@@ -2138,13 +2156,16 @@ restart:
/* user pager objects are not ready until marked so */
object->pager_ready = FALSE;
+ /* Unlock object across call to memory manager. */
+ vm_object_unlock(object);
+
(void) memory_object_init(pager,
- object->pager_request,
- object->pager_name,
+ pager_request,
+ pager_name,
PAGE_SIZE);
-
}
+ /* Object was unlocked across call to memory manager. */
vm_object_lock(object);
object->pager_initialized = TRUE;
@@ -2152,9 +2173,8 @@ restart:
object->pager_ready = TRUE;
vm_object_wakeup(object, VM_OBJECT_EVENT_INITIALIZED);
- } else {
- vm_object_lock(object);
}
+
/*
* [At this point, the object must be locked]
*/
--
2.1.4
|
