Re: [PATCH Hurd/libfshelp 1/1] libfshelp: Free Memory Read errors after

Re: [PATCH Hurd/libfshelp 1/1] libfshelp: Free Memory Read errors after
bug-hurd
Top
][
All Lists
Date Prev
][
Date Next
][
Thread Prev
][
Thread Next
][
Date Index
][
Thread Index
Re: [PATCH Hurd/libfshelp 1/1] libfshelp: Free Memory Read errors after
From
Samuel Thibault
Subject
Re: [PATCH Hurd/libfshelp 1/1] libfshelp: Free Memory Read errors after calls to rele_lock()
Date
Sun, 22 Mar 2026 19:54:50 +0100
Applied, thanks!

Mike Kelly, le sam. 21 mars 2026 17:35:04 +0000, a ecrit:
This was showing whilst running in an SMP kernel. The address
associated with the rlock_list can be deallocated from the vm_map
after the call to free() resulting in a page fault failure. Altered
usage of for loops to while loops to manage the list iteration more
carefully and avoid the free memory read errors.
---
libfshelp/rlock-tweak.c | 36 ++++++++++++++++--------------------
1 file changed, 16 insertions(+), 20 deletions(-)
diff --git a/libfshelp/rlock-tweak.c b/libfshelp/rlock-tweak.c
index 8be889938..d42354157 100644
--- a/libfshelp/rlock-tweak.c
+++ b/libfshelp/rlock-tweak.c
@@ -61,9 +61,10 @@ fshelp_rlock_tweak (struct rlock_box *box, pthread_mutex_t
*mutex,
return l;
- inline void
+ inline struct rlock_list *
rele_lock (struct rlock_list *l, int wake_waiters)
+ struct rlock_list *next = l->po.next;
list_unlink (po, l);
list_unlink (node, l);
@@ -72,19 +73,19 @@ fshelp_rlock_tweak (struct rlock_box *box,
pthread_mutex_t *mutex,
pthread_cond_destroy(&l->wait);
free (l);
+ return next;
error_t
unlock_region (loff_t start, loff_t len)
- struct rlock_list *l;
+ struct rlock_list *l = *po->locks;
- for (l = *po->locks; l; l = l->po.next)
+ while (l)
if (l->len != 0 && l->start + l->len <= start)
/* We start after the locked region ends. */
- continue;
else if (len != 0 && start + len <= l->start)
/* We end before this region starts. Since we are sorted,
@@ -98,7 +99,7 @@ fshelp_rlock_tweak (struct rlock_box *box, pthread_mutex_t
*mutex,
&& l->start + l->len <= start + len)))
/* We wrap the locked region; consume it. */
- rele_lock (l, 1);
+ l = rele_lock (l, 1);
continue;
else if (start <= l->start
@@ -135,8 +136,6 @@ fshelp_rlock_tweak (struct rlock_box *box,
pthread_mutex_t *mutex,
l->waiting = 0;
pthread_cond_broadcast (&l->wait);
- continue;
else if (l->start < start
&& (l->len == 0
@@ -170,6 +169,8 @@ fshelp_rlock_tweak (struct rlock_box *box,
pthread_mutex_t *mutex,
else
assert (! "Impossible!");
+ l = l->po.next;
return 0;
@@ -196,9 +197,9 @@ fshelp_rlock_tweak (struct rlock_box *box,
pthread_mutex_t *mutex,
inline error_t
merge_in (loff_t start, loff_t len, int type)
- struct rlock_list *l;
+ struct rlock_list *l = *po->locks;
- for (l = *po->locks; l; l = l->po.next)
+ while (l)
if (l->start <= start
&& (l->len == 0
@@ -235,7 +236,7 @@ fshelp_rlock_tweak (struct rlock_box *box,
pthread_mutex_t *mutex,
if (! tail)
if (head)
- rele_lock (head, 0);
+ (void) rele_lock (head, 0);
return ENOMEM;
@@ -258,7 +259,7 @@ fshelp_rlock_tweak (struct rlock_box *box,
pthread_mutex_t *mutex,
start = l->start;
len = l->len;
- rele_lock (l, 1);
+ l = rele_lock (l, 1);
continue;
else
@@ -277,7 +278,7 @@ fshelp_rlock_tweak (struct rlock_box *box,
pthread_mutex_t *mutex,
if (type == l->type || type == F_WRLCK)
- rele_lock (l, 1);
+ l = rele_lock (l, 1);
/* Try to merge more. */
continue;
@@ -301,8 +302,6 @@ fshelp_rlock_tweak (struct rlock_box *box,
pthread_mutex_t *mutex,
if (len != 0)
len = start + len - (l->start + l->len);
start = l->start + l->len;
- continue;
else
/* Our end is silently consumed. */
@@ -328,7 +327,7 @@ fshelp_rlock_tweak (struct rlock_box *box,
pthread_mutex_t *mutex,
len += start - l->start;
start = l->start;
- rele_lock (l, 1);
+ l = rele_lock (l, 1);
/* Try to merge in more. */
continue;
@@ -338,7 +337,6 @@ fshelp_rlock_tweak (struct rlock_box *box,
pthread_mutex_t *mutex,
intersection) and we are not the same type. */
/* The is nothing to do except continue the search. */
- continue;
else if (type == F_WRLCK)
/* We comsume the intersection. */
@@ -349,7 +347,6 @@ fshelp_rlock_tweak (struct rlock_box *box,
pthread_mutex_t *mutex,
/* Don't create the lock now; we might be able to
consume more locks. */
- continue;
else
/* We are dominated; the locked region comsumes the
@@ -366,7 +363,6 @@ fshelp_rlock_tweak (struct rlock_box *box,
pthread_mutex_t *mutex,
/* There is still a chance that we can consume more
locks. */
- continue;
else if (start < l->start
@@ -393,7 +389,6 @@ fshelp_rlock_tweak (struct rlock_box *box,
pthread_mutex_t *mutex,
region, however, we are not the same type. Just
insert it. */
- continue;
else if (type == F_WRLCK)
/* We consume the intersection. */
@@ -441,8 +436,9 @@ fshelp_rlock_tweak (struct rlock_box *box,
pthread_mutex_t *mutex,
assert (start >= l->start + l->len);
assert (l->len != 0);
- continue;
+ l = l->po.next;
return (gen_lock (start, len, type) ? 0 : ENOMEM);
--
2.47.3
--
Samuel
d-_-b
how u make that inverted b?
wait
never mind
Prev in Thread
Current Thread
[Next in Thread]
[PATCH Hurd/libfshelp 0/1] Free Memory Read occurs in file locks
Mike Kelly
2026/03/21
[PATCH Hurd/libfshelp 1/1] libfshelp: Free Memory Read errors after calls to rele_lock()
Mike Kelly
2026/03/21
Re: [PATCH Hurd/libfshelp 1/1] libfshelp: Free Memory Read errors after calls to rele_lock()
Samuel Thibault
<=
Prev by Date:
Q1 Qoth of 2026
Next by Date:
Re: Porting gdc/dmd
Previous by thread:
[PATCH Hurd/libfshelp 1/1] libfshelp: Free Memory Read errors after calls to rele_lock()
Next by thread:
[PATCH 0/1] Use DEV_FLUSH_CAHCE conditional
Index(es):
Date
Thread