authoralc <alc@FreeBSD.org>2004-07-28 18:23:08 +0000
committeralc <alc@FreeBSD.org>2004-07-28 18:23:08 +0000
commit9507df06e35de2ec5980481ede329d5b2c0941d0 (patch)
tree2929a41c9a8bd235a7302351b15c3a5067b53e4f
parent658e7039ff87b88ebafa1c1f106cdf1219dacd59 (diff)
Correct a very old error in both vm_object_madvise() (originating in
vm/vm_object.c revision 1.88) and vm_object_sync() (originating in vm/vm_map.c revision 1.36): When descending a chain of backing objects, both use the wrong object's backing offset. Consequently, both may operate on the wrong pages. Quoting Matt, "This could be responsible for all of the sporatic madvise oddness that has been reported over the years." Reviewed by: Matt Dillon
-rw-r--r--sys/vm/vm_object.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/vm/vm_object.c b/sys/vm/vm_object.c
index 36d1fb4..feb13aa 100644
--- a/sys/vm/vm_object.c
+++ b/sys/vm/vm_object.c
@@ -985,9 +985,9 @@ vm_object_sync(vm_object_t object, vm_ooffset_t offset, vm_size_t size,
VM_OBJECT_LOCK(object);
while ((backing_object = object->backing_object) != NULL) {
VM_OBJECT_LOCK(backing_object);
+ offset += object->backing_object_offset;
VM_OBJECT_UNLOCK(object);
object = backing_object;
- offset += object->backing_object_offset;
if (object->size < OFF_TO_IDX(offset + size))
size = IDX_TO_OFF(object->size) - offset;
}
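Review bot: The clamp kept as context at the end of this loop, `size = IDX_TO_OFF(object->size) - offset;`, goes negative when the translated `offset` lies at or beyond the end of the backing object, and `size` is declared `vm_size_t` in the signature (an unsigned type, as far as I know), so the result would wrap to a very large length. Now that `offset` is advanced by the correct object's `backing_object_offset`, this boundary deserves an explicit test before the subtraction, along the lines of `if (offset >= IDX_TO_OFF(object->size))`, with the branch treating the range as empty for this object. How an empty range should be handled after the loop is not visible here, because the body of vm_object_sync() starts and continues outside the hunk, so the exact action in that branch needs to be checked against the rest of the function. The sum `offset + size` in the condition mixes the same two types and should be looked at for overflow in the same pass.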
@@ -1096,9 +1096,9 @@ shadowlookup:
if (backing_object == NULL)
goto unlock_tobject;
VM_OBJECT_LOCK(backing_object);
+ tpindex += OFF_TO_IDX(tobject->backing_object_offset);
VM_OBJECT_UNLOCK(tobject);
tobject = backing_object;
- tpindex += OFF_TO_IDX(tobject->backing_object_offset);
goto shadowlookup;
}
/*
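Review bot: The ordering that this fix depends on is not documented at the `tpindex += OFF_TO_IDX(tobject->backing_object_offset);` line, so a later cleanup could move it back below `tobject = backing_object;` and reintroduce lookups at the wrong page index. I would add a comment directly above it such as `/* Translate by the shadowing object's offset, while it is still locked, before switching to its backing object. */`. The same comment applies to the `offset += object->backing_object_offset;` line in the vm_object_sync() hunk. The `shadowlookup` label and the enclosing function begin outside this hunk, so whether `tpindex` is range-checked against the backing object before the page lookup cannot be confirmed from here.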