Date: Mon, 17 Aug 2009 13:27:56 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r196318 - head/sys/amd64/amd64 Message-ID: <200908171327.n7HDRuxs078877@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kib Date: Mon Aug 17 13:27:55 2009 New Revision: 196318 URL: http://svn.freebsd.org/changeset/base/196318 Log: Correct a critical accounting error in pmap_demote_pde(). Specifically, when pmap_demote_pde() allocates a page table page to implement a user-space demotion, it must increment the pmap's resident page count. Not doing so, can lead to an underflow during address space termination that causes pmap_remove() to exit prematurely, before it has destroyed all of the mappings within the specified range. The ultimate effect or symptom of this error is an assertion failure in vm_page_free_toq() because the page being freed is still mapped. This error is only possible when superpage promotion is enabled. Thus, it only affects FreeBSD versions greater than 7.2. Tested by: pho, alc Reviewed by: alc Approved by: re (rwatson) MFC after: 1 week Modified: head/sys/amd64/amd64/pmap.c Modified: head/sys/amd64/amd64/pmap.c ============================================================================== --- head/sys/amd64/amd64/pmap.c Mon Aug 17 13:00:32 2009 (r196317) +++ head/sys/amd64/amd64/pmap.c Mon Aug 17 13:27:55 2009 (r196318) @@ -2261,6 +2261,8 @@ pmap_demote_pde(pmap_t pmap, pd_entry_t " in pmap %p", va, pmap); return (FALSE); } + if (va < VM_MAXUSER_ADDRESS) + pmap->pm_stats.resident_count++; } mptepa = VM_PAGE_TO_PHYS(mpte); firstpte = (pt_entry_t *)PHYS_TO_DMAP(mptepa);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200908171327.n7HDRuxs078877>