diff options
author | kib <kib@FreeBSD.org> | 2013-07-11 05:58:28 +0000 |
---|---|---|
committer | kib <kib@FreeBSD.org> | 2013-07-11 05:58:28 +0000 |
commit | bea7bbed5f6e4857faba6bb624d815af08679e0e (patch) | |
tree | 89a387f2b549d97903dbd971206d9bebc8f15742 /sys/vm/vm_fault.c | |
parent | 04554f0bf4d7f86323af1b2e5fff31973e050499 (diff) | |
download | FreeBSD-src-bea7bbed5f6e4857faba6bb624d815af08679e0e.zip FreeBSD-src-bea7bbed5f6e4857faba6bb624d815af08679e0e.tar.gz |
The vm_fault() should not be allowed to proceed on the map entry which
is being wired now. The entry wired count is changed to non-zero in
advance, before the map lock is dropped. This makes the vm_fault() to
perceive the entry as wired, and breaks the fragment which moves the
wire count from the shadowed page, to the upper page, making the code
unwiring non-wired page.
On the other hand, the vm_fault() calls from vm_fault_wire() should be
allowed to proceed, so only drain MAP_ENTRY_IN_TRANSITION from
vm_fault() when wiring_thread is not current.
Reported and tested by: pho
Reviewed by: alc
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Diffstat (limited to 'sys/vm/vm_fault.c')
-rw-r--r-- | sys/vm/vm_fault.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c index d7cc651..f7f1889 100644 --- a/sys/vm/vm_fault.c +++ b/sys/vm/vm_fault.c @@ -280,6 +280,19 @@ RetryFault:; (u_long)vaddr); } + if (fs.entry->eflags & MAP_ENTRY_IN_TRANSITION && + fs.entry->wiring_thread != curthread) { + vm_map_unlock_read(fs.map); + vm_map_lock(fs.map); + if (vm_map_lookup_entry(fs.map, vaddr, &fs.entry) && + (fs.entry->eflags & MAP_ENTRY_IN_TRANSITION)) { + fs.entry->eflags |= MAP_ENTRY_NEEDS_WAKEUP; + vm_map_unlock_and_wait(fs.map, 0); + } else + vm_map_unlock(fs.map); + goto RetryFault; + } + /* * Make a reference to this object to prevent its disposal while we * are messing with it. Once we have the reference, the map is free |