diff options
author | alc <alc@FreeBSD.org> | 2011-02-05 21:21:27 +0000 |
---|---|---|
committer | alc <alc@FreeBSD.org> | 2011-02-05 21:21:27 +0000 |
commit | 11491a4c5e318059ea9051b6523ce066255020e4 (patch) | |
tree | 17ca053f5237cdf00df048613ae24ad00ba77d0e /sys/vm/vm_object.c | |
parent | 0410b9c4fd31dc29ce008f99b4f751d2a0dc37fe (diff) | |
download | FreeBSD-src-11491a4c5e318059ea9051b6523ce066255020e4.zip FreeBSD-src-11491a4c5e318059ea9051b6523ce066255020e4.tar.gz |
Unless "cnt" exceeds MAX_COMMIT_COUNT, nfsrv_commit() and nfsvno_fsync() are
incorrectly calling vm_object_page_clean(). They are passing the length of
the range rather than the ending offset of the range.
Perform the OFF_TO_IDX() conversion in vm_object_page_clean() rather than the
callers.
Reviewed by: kib
MFC after: 3 weeks
Diffstat (limited to 'sys/vm/vm_object.c')
-rw-r--r-- | sys/vm/vm_object.c | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/sys/vm/vm_object.c b/sys/vm/vm_object.c index 00f9b2e..1eb84f6 100644 --- a/sys/vm/vm_object.c +++ b/sys/vm/vm_object.c @@ -795,11 +795,11 @@ vm_object_page_remove_write(vm_page_t p, int flags, int *clearobjflags) * The object must be locked. */ void -vm_object_page_clean(vm_object_t object, vm_pindex_t start, vm_pindex_t end, +vm_object_page_clean(vm_object_t object, vm_ooffset_t start, vm_ooffset_t end, int flags) { vm_page_t np, p; - vm_pindex_t pi, tend; + vm_pindex_t pi, tend, tstart; int clearobjflags, curgeneration, n, pagerflags; mtx_assert(&vm_page_queue_mtx, MA_NOTOWNED); @@ -813,13 +813,14 @@ vm_object_page_clean(vm_object_t object, vm_pindex_t start, vm_pindex_t end, VM_PAGER_PUT_SYNC : VM_PAGER_CLUSTER_OK; pagerflags |= (flags & OBJPC_INVAL) != 0 ? VM_PAGER_PUT_INVAL : 0; - tend = (end == 0) ? object->size : end; - clearobjflags = start == 0 && tend == object->size; + tstart = OFF_TO_IDX(start); + tend = (end == 0) ? object->size : OFF_TO_IDX(end + PAGE_MASK); + clearobjflags = tstart == 0 && tend >= object->size; rescan: curgeneration = object->generation; - for (p = vm_page_find_least(object, start); p != NULL; p = np) { + for (p = vm_page_find_least(object, tstart); p != NULL; p = np) { pi = p->pindex; if (pi >= tend) break; @@ -941,10 +942,7 @@ vm_object_sync(vm_object_t object, vm_ooffset_t offset, vm_size_t size, flags = (syncio || invalidate) ? OBJPC_SYNC : 0; flags |= invalidate ? OBJPC_INVAL : 0; VM_OBJECT_LOCK(object); - vm_object_page_clean(object, - OFF_TO_IDX(offset), - OFF_TO_IDX(offset + size + PAGE_MASK), - flags); + vm_object_page_clean(object, offset, offset + size, flags); VM_OBJECT_UNLOCK(object); VOP_UNLOCK(vp, 0); VFS_UNLOCK_GIANT(vfslocked); |