From b11fa1d14dcd0c423c44976ff988b593de218a89 Mon Sep 17 00:00:00 2001
From: dillon <dillon@FreeBSD.org>
Date: Wed, 31 Oct 2001 03:06:33 +0000
Subject: Don't let pmap_object_init_pt() exhaust all available free pages
 (allocating pv entries w/ zalloci) when called in a loop due to an madvise().
  It is possible to completely exhaust the free page list and cause a system
 panic when an expected allocation fails.

---
 sys/amd64/amd64/pmap.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

(limited to 'sys/amd64')

diff --git a/sys/amd64/amd64/pmap.c b/sys/amd64/amd64/pmap.c
index 5912074..edd0758 100644
--- a/sys/amd64/amd64/pmap.c
+++ b/sys/amd64/amd64/pmap.c
@@ -2546,7 +2546,7 @@ retry:
 	psize = i386_btop(size);
 
 	if ((object->type != OBJT_VNODE) ||
-		(limit && (psize > MAX_INIT_PT) &&
+		((limit & MAP_PREFAULT_PARTIAL) && (psize > MAX_INIT_PT) &&
 			(object->resident_page_count > MAX_INIT_PT))) {
 		return;
 	}
@@ -2577,6 +2577,14 @@ retry:
 			if (tmpidx >= psize) {
 				continue;
 			}
+			/*
+			 * don't allow an madvise to blow away our really
+			 * free pages allocating pv entries.
+			 */
+			if ((limit & MAP_PREFAULT_MADVISE) &&
+			    cnt.v_free_count < cnt.v_free_reserved) {
+				break;
+			}
 			if (((p->valid & VM_PAGE_BITS_ALL) == VM_PAGE_BITS_ALL) &&
 				(p->busy == 0) &&
 			    (p->flags & (PG_BUSY | PG_FICTITIOUS)) == 0) {
@@ -2595,6 +2603,14 @@ retry:
 		 * else lookup the pages one-by-one.
 		 */
 		for (tmpidx = 0; tmpidx < psize; tmpidx += 1) {
+			/*
+			 * don't allow an madvise to blow away our really
+			 * free pages allocating pv entries.
+			 */
+			if ((limit & MAP_PREFAULT_MADVISE) &&
+			    cnt.v_free_count < cnt.v_free_reserved) {
+				break;
+			}
 			p = vm_page_lookup(object, tmpidx + pindex);
 			if (p &&
 			    ((p->valid & VM_PAGE_BITS_ALL) == VM_PAGE_BITS_ALL) &&
-- 
cgit v1.1