1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-24 11:29:10 +00:00

Correct a critical accounting error in pmap_demote_pde(). Specifically,

when pmap_demote_pde() allocates a page table page to implement a
user-space demotion, it must increment the pmap's resident page count.
Not doing so, can lead to an underflow during address space termination
that causes pmap_remove() to exit prematurely, before it has destroyed
all of the mappings within the specified range.  The ultimate effect or
symptom of this error is an assertion failure in vm_page_free_toq()
because the page being freed is still mapped.

This error is only possible when superpage promotion is enabled.  Thus,
it only affects FreeBSD  versions greater than 7.2.

Tested by:	pho, alc
Reviewed by:	alc
Approved by:	re (rwatson)
MFC after:	1 week
This commit is contained in:
Konstantin Belousov 2009-08-17 13:27:55 +00:00
parent fbe007da74
commit faccac2d45
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=196318

View File

@ -2261,6 +2261,8 @@ pmap_demote_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t va)
" in pmap %p", va, pmap);
return (FALSE);
}
if (va < VM_MAXUSER_ADDRESS)
pmap->pm_stats.resident_count++;
}
mptepa = VM_PAGE_TO_PHYS(mpte);
firstpte = (pt_entry_t *)PHYS_TO_DMAP(mptepa);