Index: head/sys/kern/sys_process.c
===================================================================
--- head/sys/kern/sys_process.c
+++ head/sys/kern/sys_process.c
@@ -387,8 +387,9 @@
 error = EINVAL;
 break;
 }
- while (entry != &map->header &&
- (entry->eflags & MAP_ENTRY_IS_SUB_MAP) != 0) {
+ KASSERT((map->header.eflags & MAP_ENTRY_IS_SUB_MAP) == 0,
+ ("Submap in map header"));
+ while ((entry->eflags & MAP_ENTRY_IS_SUB_MAP) != 0) {
 entry = entry->next;
 index++;
 }
Index: head/sys/vm/vm_map.h
===================================================================
--- head/sys/vm/vm_map.h
+++ head/sys/vm/vm_map.h
@@ -146,6 +146,7 @@
 #define MAP_ENTRY_GUARD 0x10000
 #define MAP_ENTRY_STACK_GAP_DN 0x20000
 #define MAP_ENTRY_STACK_GAP_UP 0x40000
+#define MAP_ENTRY_HEADER 0x80000
 
 #ifdef _KERNEL
 static __inline u_char
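Review bot: In the sys_process.c hunk the submap walk `while ((entry->eflags & MAP_ENTRY_IS_SUB_MAP) != 0)` now stops at the header only because the header's eflags lack that bit, and the KASSERT that states this is compiled out of kernels built without INVARIANTS. The assertion could check the stronger invariant that the vm_map.h comment documents, `KASSERT(map->header.eflags == MAP_ENTRY_HEADER, ("Bad eflags in map header"));`, assuming nothing else ever writes the header's eflags. A one-line comment above the loop, `/* The header never has MAP_ENTRY_IS_SUB_MAP set, so it ends the walk. */`, would make the implicit bound visible to a later reader. The enclosing block starts and ends outside the hunk, so how `entry` and `index` are used after the loop cannot be checked from here.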
@@ -175,24 +176,22 @@
 * list. Both structures are ordered based upon the start and
 * end addresses contained within each map entry.
 *
- * Counterintuitively, the map's min offset value is stored in
- * map->header.end, and its max offset value is stored in
- * map->header.start.
- *
- * The list header has max start value and min end value to act
- * as sentinels for sequential search of the doubly-linked list.
 * Sleator and Tarjan's top-down splay algorithm is employed to
 * control height imbalance in the binary search tree.
 *
+ * The map's min offset value is stored in map->header.end, and
+ * its max offset value is stored in map->header.start. These
+ * values act as sentinels for any forward or backward address
+ * scan of the list. The map header has a special value for the
+ * eflags field, MAP_ENTRY_HEADER, that is set initially, is
+ * never changed, and prevents an eflags match of the header
+ * with any other map entry.
+ *
 * List of locks
 * (c) const until freed
 */
 struct vm_map {
 struct vm_map_entry header; /* List of entries */
-/*
- map min_offset header.end (c)
- map max_offset header.start (c)
-*/
 struct sx lock; /* Lock for map data */
 struct mtx system_mtx;
 int nentries; /* Number of entries */
Index: head/sys/vm/vm_map.c
===================================================================
--- head/sys/vm/vm_map.c
+++ head/sys/vm/vm_map.c
@@ -796,6 +796,7 @@
 {
 
 map->header.next = map->header.prev = &map->header;
+ map->header.eflags = MAP_ENTRY_HEADER;
 map->needs_wakeup = FALSE;
 map->system_map = 0;
 map->pmap = pmap;
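Review bot: The store `map->header.eflags = MAP_ENTRY_HEADER;` in the vm_map.c -796 hunk is what every removed `!= &map->header` test in this commit now depends on, but nothing at this site says so. A header whose eflags stayed 0 would compare equal to an empty `protoeflags` in the coalescing test of the -1277 hunk. A map whose header is set up by any path that skips this routine would therefore lose the protection silently; whether such a path exists is not visible from the diff. I would add a comment on the new line, `/* Sentinel: keeps the header from matching any real entry's eflags. */`. The function's signature is outside the hunk.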
@@ -1277,8 +1278,8 @@ if (object->ref_count > 1 || object->shadow_count != 0) vm_object_clear_flag(object, OBJ_ONEMAPPING); VM_OBJECT_WUNLOCK(object); - } else if (prev_entry != &map->header && - (prev_entry->eflags & ~MAP_ENTRY_USER_WIRED) == protoeflags && + } else if ((prev_entry->eflags & ~MAP_ENTRY_USER_WIRED) == + protoeflags && (cow & (MAP_STACK_GROWS_DOWN | MAP_STACK_GROWS_UP)) == 0 && prev_entry->end == start && (prev_entry->cred == cred || (prev_entry->object.vm_object != NULL && @@ -1708,8 +1709,7 @@ return; prev = entry->prev; - if (prev != &map->header && - vm_map_mergeable_neighbors(prev, entry)) { + if (vm_map_mergeable_neighbors(prev, entry)) { vm_map_entry_unlink(map, prev); entry->start = prev->start; entry->offset = prev->offset; @@ -1719,8 +1719,7 @@ } next = entry->next; - if (next != &map->header && - vm_map_mergeable_neighbors(entry, next)) { + if (vm_map_mergeable_neighbors(entry, next)) { vm_map_entry_unlink(map, next); entry->end = next->end; vm_map_entry_resize_free(map, entry);
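Review bot: In the -1277 hunk the coalescing test `(prev_entry->eflags & ~MAP_ENTRY_USER_WIRED) == protoeflags` excludes the header only while `protoeflags` can never carry MAP_ENTRY_HEADER, and unlike the sys_process.c hunk this one adds no assertion for the invariant it relies on. `protoeflags` is built outside the hunk, so a line such as `KASSERT((protoeflags & MAP_ENTRY_HEADER) == 0, ("header flag in protoeflags"));` ahead of the if/else chain would check it under INVARIANTS. The explicit pointer test mattered because `prev_entry->end == start` is true for the header when `start` is the map's minimum offset, so a false eflags match would presumably let the insert treat the header as the entry to extend. The rest of the condition and the branch body lie outside the hunk.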
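Review bot: Both merge checks, `vm_map_mergeable_neighbors(prev, entry)` in the -1708 hunk and `vm_map_mergeable_neighbors(entry, next)` in the -1719 hunk, now pass the header entry to a helper whose body is not part of this diff. The removal is safe only if that helper requires the two entries' eflags to be equal, so that MAP_ENTRY_HEADER rejects the header. If it did not, the branch would call `vm_map_entry_unlink()` on the header and damage the entry list. I would record the dependency next to the first check with `/* The header's MAP_ENTRY_HEADER eflags never matches a real entry, so no header test is needed. */` and state the same requirement in the helper's own comment. The enclosing function starts before the -1708 hunk and continues past the -1719 hunk.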