From owner-svn-src-all@FreeBSD.ORG Sun Apr 27 05:19:02 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 96C63770; Sun, 27 Apr 2014 05:19:02 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 705CCC9F; Sun, 27 Apr 2014 05:19:02 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s3R5J23G050442; Sun, 27 Apr 2014 05:19:02 GMT (envelope-from kib@svn.freebsd.org) Received: (from kib@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s3R5J2nV050441; Sun, 27 Apr 2014 05:19:02 GMT (envelope-from kib@svn.freebsd.org) Message-Id: <201404270519.s3R5J2nV050441@svn.freebsd.org> From: Konstantin Belousov Date: Sun, 27 Apr 2014 05:19:02 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r265002 - head/sys/vm X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Apr 2014 05:19:02 -0000 Author: kib Date: Sun Apr 27 05:19:01 2014 New Revision: 265002 URL: http://svnweb.freebsd.org/changeset/base/265002 Log: When vm_fault_copy_entry() is called from vm_map_protect() for a wired entry and performs the upgrade of the entry permissions from read-only to read-write, we must allow to search for the source pages in the backing object, like we do in the case of forking the read-only wired entry. For the fork case, the behaviour is allowed by src_readonly boolean, which in fact is only used to assert that read-write case provides all source pages in the top-level object. Eliminate the src_readonly variable. Allow for the copy loop to look into the backing objects, add explicit asserts to ensure that only read-only and upgrade case actually does. Expand comments. Change the panic call into assert. Reported by: markj Tested by: markj, pho (previous version) Reviewed by: alc Sponsored by: The FreeBSD Foundation MFC after: 1 week Modified: head/sys/vm/vm_fault.c Modified: head/sys/vm/vm_fault.c ============================================================================== --- head/sys/vm/vm_fault.c Sun Apr 27 02:28:32 2014 (r265001) +++ head/sys/vm/vm_fault.c Sun Apr 27 05:19:01 2014 (r265002) @@ -1240,7 +1240,7 @@ vm_fault_copy_entry(vm_map_t dst_map, vm vm_offset_t vaddr; vm_page_t dst_m; vm_page_t src_m; - boolean_t src_readonly, upgrade; + boolean_t upgrade; #ifdef lint src_map++; @@ -1250,7 +1250,6 @@ vm_fault_copy_entry(vm_map_t dst_map, vm src_object = src_entry->object.vm_object; src_pindex = OFF_TO_IDX(src_entry->offset); - src_readonly = (src_entry->protection & VM_PROT_WRITE) == 0; /* * Create the top-level object for the destination entry. (Doesn't @@ -1321,25 +1320,33 @@ vm_fault_copy_entry(vm_map_t dst_map, vm /* * Find the page in the source object, and copy it in. - * (Because the source is wired down, the page will be in - * memory.) + * Because the source is wired down, the page will be + * in memory. */ VM_OBJECT_RLOCK(src_object); object = src_object; pindex = src_pindex + dst_pindex; while ((src_m = vm_page_lookup(object, pindex)) == NULL && - src_readonly && (backing_object = object->backing_object) != NULL) { /* - * Allow fallback to backing objects if we are reading. + * Unless the source mapping is read-only or + * it is presently being upgraded from + * read-only, the first object in the shadow + * chain should provide all of the pages. In + * other words, this loop body should never be + * executed when the source mapping is already + * read/write. */ + KASSERT((src_entry->protection & VM_PROT_WRITE) == 0 || + upgrade, + ("vm_fault_copy_entry: main object missing page")); + VM_OBJECT_RLOCK(backing_object); pindex += OFF_TO_IDX(object->backing_object_offset); VM_OBJECT_RUNLOCK(object); object = backing_object; } - if (src_m == NULL) - panic("vm_fault_copy_wired: page missing"); + KASSERT(src_m != NULL, ("vm_fault_copy_entry: page missing")); pmap_copy_page(src_m, dst_m); VM_OBJECT_RUNLOCK(object); dst_m->valid = VM_PAGE_BITS_ALL;