diff options
| author | alc <alc@FreeBSD.org> | 2011-02-05 21:21:27 +0000 |
|---|---|---|
| committer | alc <alc@FreeBSD.org> | 2011-02-05 21:21:27 +0000 |
| commit | 11491a4c5e318059ea9051b6523ce066255020e4 (patch) | |
| tree | 17ca053f5237cdf00df048613ae24ad00ba77d0e /sys/vm | |
| parent | 0410b9c4fd31dc29ce008f99b4f751d2a0dc37fe (diff) | |
| download | FreeBSD-src-11491a4c5e318059ea9051b6523ce066255020e4.zip FreeBSD-src-11491a4c5e318059ea9051b6523ce066255020e4.tar.gz | |
Unless "cnt" exceeds MAX_COMMIT_COUNT, nfsrv_commit() and nfsvno_fsync() are
incorrectly calling vm_object_page_clean(). They are passing the length of
the range rather than the ending offset of the range.
Perform the OFF_TO_IDX() conversion in vm_object_page_clean() rather than the
callers.
Reviewed by: kib
MFC after: 3 weeks
Diffstat (limited to 'sys/vm')
| -rw-r--r-- | sys/vm/vm_object.c | 16 | ||||
| -rw-r--r-- | sys/vm/vm_object.h | 3 |
2 files changed, 9 insertions, 10 deletions
diff --git a/sys/vm/vm_object.c b/sys/vm/vm_object.c index 00f9b2e..1eb84f6 100644 --- a/sys/vm/vm_object.c +++ b/sys/vm/vm_object.c @@ -795,11 +795,11 @@ vm_object_page_remove_write(vm_page_t p, int flags, int *clearobjflags) * The object must be locked. */ void -vm_object_page_clean(vm_object_t object, vm_pindex_t start, vm_pindex_t end, +vm_object_page_clean(vm_object_t object, vm_ooffset_t start, vm_ooffset_t end, int flags) { vm_page_t np, p; - vm_pindex_t pi, tend; + vm_pindex_t pi, tend, tstart; int clearobjflags, curgeneration, n, pagerflags; mtx_assert(&vm_page_queue_mtx, MA_NOTOWNED); @@ -813,13 +813,14 @@ vm_object_page_clean(vm_object_t object, vm_pindex_t start, vm_pindex_t end, VM_PAGER_PUT_SYNC : VM_PAGER_CLUSTER_OK; pagerflags |= (flags & OBJPC_INVAL) != 0 ? VM_PAGER_PUT_INVAL : 0; - tend = (end == 0) ? object->size : end; - clearobjflags = start == 0 && tend == object->size; + tstart = OFF_TO_IDX(start); + tend = (end == 0) ? object->size : OFF_TO_IDX(end + PAGE_MASK); + clearobjflags = tstart == 0 && tend >= object->size; rescan: curgeneration = object->generation; - for (p = vm_page_find_least(object, start); p != NULL; p = np) { + for (p = vm_page_find_least(object, tstart); p != NULL; p = np) { pi = p->pindex; if (pi >= tend) break; @@ -941,10 +942,7 @@ vm_object_sync(vm_object_t object, vm_ooffset_t offset, vm_size_t size, flags = (syncio || invalidate) ? OBJPC_SYNC : 0; flags |= invalidate ? OBJPC_INVAL : 0; VM_OBJECT_LOCK(object); - vm_object_page_clean(object, - OFF_TO_IDX(offset), - OFF_TO_IDX(offset + size + PAGE_MASK), - flags); + vm_object_page_clean(object, offset, offset + size, flags); VM_OBJECT_UNLOCK(object); VOP_UNLOCK(vp, 0); VFS_UNLOCK_GIANT(vfslocked); diff --git a/sys/vm/vm_object.h b/sys/vm/vm_object.h index b830202..0f4f47d 100644 --- a/sys/vm/vm_object.h +++ b/sys/vm/vm_object.h @@ -217,7 +217,8 @@ void vm_object_destroy (vm_object_t); void vm_object_terminate (vm_object_t); void vm_object_set_writeable_dirty (vm_object_t); void vm_object_init (void); -void vm_object_page_clean (vm_object_t, vm_pindex_t, vm_pindex_t, boolean_t); +void vm_object_page_clean(vm_object_t object, vm_ooffset_t start, + vm_ooffset_t end, int flags); void vm_object_page_remove (vm_object_t, vm_pindex_t, vm_pindex_t, boolean_t); boolean_t vm_object_populate(vm_object_t, vm_pindex_t, vm_pindex_t); void vm_object_print(long addr, boolean_t have_addr, long count, char *modif); |
