Index: sys/cam/cam_periph.c =================================================================== --- sys/cam/cam_periph.c +++ sys/cam/cam_periph.c @@ -955,18 +955,12 @@ */ mapinfo->bp[i] = uma_zalloc(pbuf_zone, M_WAITOK); - /* put our pointer in the data slot */ - mapinfo->bp[i]->b_data = *data_ptrs[i]; - - /* set the transfer length, we know it's < MAXPHYS */ - mapinfo->bp[i]->b_bufsize = lengths[i]; - /* set the direction */ mapinfo->bp[i]->b_iocmd = (dirs[i] == CAM_DIR_OUT) ? BIO_WRITE : BIO_READ; /* Map the buffer into kernel memory. */ - if (vmapbuf(mapinfo->bp[i], 1) < 0) { + if (vmapbuf(mapinfo->bp[i], *data_ptrs[i], lengths[i], 1) < 0) { uma_zfree(pbuf_zone, mapinfo->bp[i]); goto fail; } Index: sys/dev/nvme/nvme_ctrlr.c =================================================================== --- sys/dev/nvme/nvme_ctrlr.c +++ sys/dev/nvme/nvme_ctrlr.c @@ -1268,10 +1268,8 @@ */ PHOLD(curproc); buf = uma_zalloc(pbuf_zone, M_WAITOK); - buf->b_data = pt->buf; - buf->b_bufsize = pt->len; buf->b_iocmd = pt->is_read ? BIO_READ : BIO_WRITE; - if (vmapbuf(buf, 1) < 0) { + if (vmapbuf(buf, pt->buf, pt->len, 1) < 0) { ret = EFAULT; goto err; } Index: sys/kern/vfs_bio.c =================================================================== --- sys/kern/vfs_bio.c +++ sys/kern/vfs_bio.c @@ -4907,22 +4907,23 @@ * This function only works with pager buffers. */ int -vmapbuf(struct buf *bp, int mapbuf) +vmapbuf(struct buf *bp, void *uaddr, size_t len, int mapbuf) { vm_prot_t prot; int pidx; - if (bp->b_bufsize < 0) + if (len < 0) return (-1); prot = VM_PROT_READ; if (bp->b_iocmd == BIO_READ) prot |= VM_PROT_WRITE; /* Less backwards than it looks */ if ((pidx = vm_fault_quick_hold_pages(&curproc->p_vmspace->vm_map, - (vm_offset_t)bp->b_data, bp->b_bufsize, prot, bp->b_pages, + (vm_offset_t)uaddr, len, prot, bp->b_pages, btoc(MAXPHYS))) < 0) return (-1); + bp->b_bufsize = len; bp->b_npages = pidx; - bp->b_offset = ((vm_offset_t)bp->b_data) & PAGE_MASK; + bp->b_offset = ((vm_offset_t)uaddr) & PAGE_MASK; if (mapbuf || !unmapped_buf_allowed) { pmap_qenter((vm_offset_t)bp->b_kvabase, bp->b_pages, pidx); bp->b_data = bp->b_kvabase + bp->b_offset; Index: sys/sys/buf.h =================================================================== --- sys/sys/buf.h +++ sys/sys/buf.h @@ -575,7 +575,7 @@ void vfs_bio_set_valid(struct buf *, int base, int size); void vfs_busy_pages(struct buf *, int clear_modify); void vfs_unbusy_pages(struct buf *); -int vmapbuf(struct buf *, int); +int vmapbuf(struct buf *, void *, size_t, int); void vunmapbuf(struct buf *); void brelvp(struct buf *); void bgetvp(struct vnode *, struct buf *); Index: sys/ufs/ffs/ffs_rawread.c =================================================================== --- sys/ufs/ffs/ffs_rawread.c +++ sys/ufs/ffs/ffs_rawread.c @@ -216,7 +216,6 @@ bp->b_flags = 0; /* XXX necessary ? */ bp->b_iocmd = BIO_READ; bp->b_iodone = bdone; - bp->b_data = udata; blockno = offset / bsize; blockoff = (offset % bsize) / DEV_BSIZE; if ((daddr_t) blockno != blockno) { @@ -233,9 +232,8 @@ if (bp->b_bcount + blockoff * DEV_BSIZE > bsize) bp->b_bcount = bsize - blockoff * DEV_BSIZE; - bp->b_bufsize = bp->b_bcount; - if (vmapbuf(bp, 1) < 0) + if (vmapbuf(bp, udata, bp->b_bcount, 1) < 0) return EFAULT; maybe_yield(); @@ -252,9 +250,8 @@ if (bp->b_bcount + blockoff * DEV_BSIZE > bsize * (1 + bforwards)) bp->b_bcount = bsize * (1 + bforwards) - blockoff * DEV_BSIZE; - bp->b_bufsize = bp->b_bcount; - if (vmapbuf(bp, 1) < 0) + if (vmapbuf(bp, udata, bp->b_bcount, 1) < 0) return EFAULT; BO_STRATEGY(&dp->v_bufobj, bp);