We really don't want this to inherit. private copies of a file should use the thread's policy.

This locking was unique to this instance of the pattern. It does not look like it's necessary.

We really don't want this to inherit. private copies of a file should use the thread's policy.

Note that this is only for wired map entries. I agree that the removal of the assignment makes this code correct in more situations than it was with the assignment present.

Can you extract this part into separate patch ?

For instance, I want this part merged to stable/11.

I think that it is not necessary.

We have trunc_page() for this.

Style: no space after cast.

Also the previous assignment is redundant.

KERN_INVALID_ADDRESS should probably map to ENOMEM for consistency with other similar syscalls?

"contained in"

Style: redundant parentheses.

What's the purpose of calling vm_object_collapse() if OBJ_NOSPLIT is set?

There is no purpose, but it is also harmless. OBJ_NOSPLIT implies that there is no backing object so the call is NOP.

This is of course copy & paste from vm_kern.c. I will review more carefully.

Yes I will put a switch in once I have finalized the other code.

Yes I will do so before commit.

I think this is missing something like:

if (current->eflags & MAP_ENTRY_NEEDS_COPY) {
        vm_object_shadow(&old_entry->object.vm_object,
            &current->offset, current->end - current->start);
        current->eflags &= ~MAP_ENTRY_NEEDS_COPY;
        object = current->object.vm_object;

It might be too forcefull. It is not clear whether we should do it immediately or postpone the COW object creation until the first write fault. You would store the policy in the entry and then migrate it to the object on fault. In fact, this is very similar to how swap accounting work.

Isn't the downside only an extra vm object?

It seems the other way will require a lot of extra accounting for what could be simple. swap is used for every object, domain policy will be rare.

Upon further review, this is not quite the same.

Imagine address of 4095 and length of 4096
pageoff = 4096
addr = 0;
size = 4096 + 4095 = 8192
round_page() = 8192
two pages

trunc_page(4095) = 0;
round_page(size) = 4096;
one page

It could probably be written more clearly if we were to just calculate end and then round down start and round-up end but this is the pattern the other memory syscalls use.

I guess the question is then, what do I do if I can't split? Does that leave me applying a domainset to a larger range than requested?

perhaps error != 0

Style requires no declarations in the middle of the function.

Excessive ().

Extra object in the shadow chain. This makes scans/forks/collapses and vm_fault() cost.

We only do the copy on actual fault, before. Now, if e.g. an application does mbind() over its entire address space, then all text segments which are need_copy/ro, get the additional object in the chain.

OTOH I tend to agree that it is fine for the initial implementation. MIght be the involved implementation should move the entry->cred push from entry to object into some helper, and this helper used consistently. Then push of the domain from entry to object would be one-liner.