Applied, thanks!
Mike Kelly, le sam. 21 mars 2026 17:35:04 +0000, a ecrit:
> This was showing whilst running in an SMP kernel. The address
> associated with the rlock_list can be deallocated from the vm_map
> after the call to free() resulting in a page fault failure. Altered
> usage of for loops to while loops to manage the list iteration more
> carefully and avoid the free memory read errors.
> ---
> libfshelp/rlock-tweak.c | 36 ++++++++++++++++--------------------
> 1 file changed, 16 insertions(+), 20 deletions(-)
>
> diff --git a/libfshelp/rlock-tweak.c b/libfshelp/rlock-tweak.c
> index 8be889938..d42354157 100644
> --- a/libfshelp/rlock-tweak.c
> +++ b/libfshelp/rlock-tweak.c
> @@ -61,9 +61,10 @@ fshelp_rlock_tweak (struct rlock_box *box, pthread_mutex_t
> *mutex,
> return l;
> }
>
> - inline void
> + inline struct rlock_list *
> rele_lock (struct rlock_list *l, int wake_waiters)
> {
> + struct rlock_list *next = l->po.next;
> list_unlink (po, l);
> list_unlink (node, l);
>
> @@ -72,19 +73,19 @@ fshelp_rlock_tweak (struct rlock_box *box,
> pthread_mutex_t *mutex,
>
> pthread_cond_destroy(&l->wait);
> free (l);
> + return next;
> }
>
> error_t
> unlock_region (loff_t start, loff_t len)
> {
> - struct rlock_list *l;
> + struct rlock_list *l = *po->locks;
>
> - for (l = *po->locks; l; l = l->po.next)
> + while (l)
> {
> if (l->len != 0 && l->start + l->len <= start)
> /* We start after the locked region ends. */
> {
> - continue;
> }
> else if (len != 0 && start + len <= l->start)
> /* We end before this region starts. Since we are sorted,
> @@ -98,7 +99,7 @@ fshelp_rlock_tweak (struct rlock_box *box, pthread_mutex_t
> *mutex,
> && l->start + l->len <= start + len)))
> /* We wrap the locked region; consume it. */
> {
> - rele_lock (l, 1);
> + l = rele_lock (l, 1);
> continue;
> }
> else if (start <= l->start
> @@ -135,8 +136,6 @@ fshelp_rlock_tweak (struct rlock_box *box,
> pthread_mutex_t *mutex,
> l->waiting = 0;
> pthread_cond_broadcast (&l->wait);
> }
> -
> - continue;
> }
> else if (l->start < start
> && (l->len == 0
> @@ -170,6 +169,8 @@ fshelp_rlock_tweak (struct rlock_box *box,
> pthread_mutex_t *mutex,
> }
> else
> assert (! "Impossible!");
> +
> + l = l->po.next;
> }
>
> return 0;
> @@ -196,9 +197,9 @@ fshelp_rlock_tweak (struct rlock_box *box,
> pthread_mutex_t *mutex,
> inline error_t
> merge_in (loff_t start, loff_t len, int type)
> {
> - struct rlock_list *l;
> + struct rlock_list *l = *po->locks;
>
> - for (l = *po->locks; l; l = l->po.next)
> + while (l)
> {
> if (l->start <= start
> && (l->len == 0
> @@ -235,7 +236,7 @@ fshelp_rlock_tweak (struct rlock_box *box,
> pthread_mutex_t *mutex,
> if (! tail)
> {
> if (head)
> - rele_lock (head, 0);
> + (void) rele_lock (head, 0);
> return ENOMEM;
> }
> }
> @@ -258,7 +259,7 @@ fshelp_rlock_tweak (struct rlock_box *box,
> pthread_mutex_t *mutex,
> start = l->start;
> len = l->len;
>
> - rele_lock (l, 1);
> + l = rele_lock (l, 1);
> continue;
> }
> else
> @@ -277,7 +278,7 @@ fshelp_rlock_tweak (struct rlock_box *box,
> pthread_mutex_t *mutex,
>
> if (type == l->type || type == F_WRLCK)
> {
> - rele_lock (l, 1);
> + l = rele_lock (l, 1);
> /* Try to merge more. */
> continue;
> }
> @@ -301,8 +302,6 @@ fshelp_rlock_tweak (struct rlock_box *box,
> pthread_mutex_t *mutex,
> if (len != 0)
> len = start + len - (l->start + l->len);
> start = l->start + l->len;
> -
> - continue;
> }
> else
> /* Our end is silently consumed. */
> @@ -328,7 +327,7 @@ fshelp_rlock_tweak (struct rlock_box *box,
> pthread_mutex_t *mutex,
> len += start - l->start;
> start = l->start;
>
> - rele_lock (l, 1);
> + l = rele_lock (l, 1);
>
> /* Try to merge in more. */
> continue;
> @@ -338,7 +337,6 @@ fshelp_rlock_tweak (struct rlock_box *box,
> pthread_mutex_t *mutex,
> intersection) and we are not the same type. */
> {
> /* The is nothing to do except continue the search. */
> - continue;
> }
> else if (type == F_WRLCK)
> /* We comsume the intersection. */
> @@ -349,7 +347,6 @@ fshelp_rlock_tweak (struct rlock_box *box,
> pthread_mutex_t *mutex,
>
> /* Don't create the lock now; we might be able to
> consume more locks. */
> - continue;
> }
> else
> /* We are dominated; the locked region comsumes the
> @@ -366,7 +363,6 @@ fshelp_rlock_tweak (struct rlock_box *box,
> pthread_mutex_t *mutex,
>
> /* There is still a chance that we can consume more
> locks. */
> - continue;
> }
> }
> else if (start < l->start
> @@ -393,7 +389,6 @@ fshelp_rlock_tweak (struct rlock_box *box,
> pthread_mutex_t *mutex,
> region, however, we are not the same type. Just
> insert it. */
> {
> - continue;
> }
> else if (type == F_WRLCK)
> /* We consume the intersection. */
> @@ -441,8 +436,9 @@ fshelp_rlock_tweak (struct rlock_box *box,
> pthread_mutex_t *mutex,
> {
> assert (start >= l->start + l->len);
> assert (l->len != 0);
> - continue;
> }
> +
> + l = l->po.next;
> }
>
> return (gen_lock (start, len, type) ? 0 : ENOMEM);
> --
> 2.47.3
>
>
--
Samuel
<i8b4uUnderground> d-_-b
<BonyNoMore> how u make that inverted b?
<BonyNoMore> wait
<BonyNoMore> never mind
