diff options
| author | kib <kib@FreeBSD.org> | 2009-08-17 13:27:55 +0000 |
|---|---|---|
| committer | kib <kib@FreeBSD.org> | 2009-08-17 13:27:55 +0000 |
| commit | 78d3e2f45aae92ad13d443fa0ba76b5c669cef7b (patch) | |
| tree | dab0d904bfa3a007f53c36a88bbe5b5147c13406 /sys/amd64 | |
| parent | 75d3b6b740673d59a4cfd9c8cb2716647c75714e (diff) | |
| download | FreeBSD-src-78d3e2f45aae92ad13d443fa0ba76b5c669cef7b.zip FreeBSD-src-78d3e2f45aae92ad13d443fa0ba76b5c669cef7b.tar.gz | |
Correct a critical accounting error in pmap_demote_pde(). Specifically,
when pmap_demote_pde() allocates a page table page to implement a
user-space demotion, it must increment the pmap's resident page count.
Not doing so, can lead to an underflow during address space termination
that causes pmap_remove() to exit prematurely, before it has destroyed
all of the mappings within the specified range. The ultimate effect or
symptom of this error is an assertion failure in vm_page_free_toq()
because the page being freed is still mapped.
This error is only possible when superpage promotion is enabled. Thus,
it only affects FreeBSD versions greater than 7.2.
Tested by: pho, alc
Reviewed by: alc
Approved by: re (rwatson)
MFC after: 1 week
Diffstat (limited to 'sys/amd64')
| -rw-r--r-- | sys/amd64/amd64/pmap.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/amd64/amd64/pmap.c b/sys/amd64/amd64/pmap.c index 622ed62..b9eee49 100644 --- a/sys/amd64/amd64/pmap.c +++ b/sys/amd64/amd64/pmap.c @@ -2261,6 +2261,8 @@ pmap_demote_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t va) " in pmap %p", va, pmap); return (FALSE); } + if (va < VM_MAXUSER_ADDRESS) + pmap->pm_stats.resident_count++; } mptepa = VM_PAGE_TO_PHYS(mpte); firstpte = (pt_entry_t *)PHYS_TO_DMAP(mptepa); |
