D53891.id.diff
View Options

	diff --git a/sys/vm/vm_map.c b/sys/vm/vm_map.c
	--- a/sys/vm/vm_map.c
	+++ b/sys/vm/vm_map.c
	@@ -1743,6 +1743,38 @@
	(vm_size_t)(prev_entry->end - prev_entry->start),
	(vm_size_t)(end - prev_entry->end), cred != NULL &&
	(protoeflags & MAP_ENTRY_NEEDS_COPY) == 0)) {
	+#ifdef INVARIANTS
	+ /*
	+ * Re-check after vm_object_coalesce(): there must be
	+ * no pages in the next range backed by the
	+ * prev_entry' object. Otherwise, the corruption is
	+ * same as faulting in non-zeroed page.
	+ */
	+ if (vm_check_pg_zero && prev_entry->object.vm_object != NULL) {
	+ struct pctrie_iter pages;
	+ vm_page_t p;
	+
	+ vm_page_iter_init(&pages, prev_entry->object.vm_object);
	+ VM_OBJECT_RLOCK(prev_entry->object.vm_object);
	+ p = vm_radix_iter_lookup_ge(&pages,
	+ OFF_TO_IDX(prev_entry->offset +
	+ prev_entry->end - prev_entry->start));
	+ if (p != NULL) {
	+ KASSERT(p->pindex >= OFF_TO_IDX(
	+ prev_entry->offset + prev_entry->end -
	+ prev_entry->start + end - start),
	+ ("found obj %p page %p pindex %#jx "
	+ "e %#jx %#jx %#jx %#jx",
	+ prev_entry->object.vm_object, p, p->pindex,
	+ (uintmax_t)prev_entry->offset,
	+ (uintmax_t)prev_entry->end,
	+ (uintmax_t)prev_entry->start,
	+ (uintmax_t)(end - start)));
	+ }
	+ VM_OBJECT_RUNLOCK(prev_entry->object.vm_object);
	+ }
	+#endif
	+
	/*
	* We were able to extend the object. Determine if we
	* can extend the previous map entry to include the
	diff --git a/sys/vm/vm_object.c b/sys/vm/vm_object.c
	--- a/sys/vm/vm_object.c
	+++ b/sys/vm/vm_object.c
	@@ -1988,7 +1988,7 @@
	(options & (OBJPR_CLEANONLY \| OBJPR_NOTMAPPED)) == OBJPR_NOTMAPPED,
	("vm_object_page_remove: illegal options for object %p", object));
	if (object->resident_page_count == 0)
	- return;
	+ goto remove_pager;
	vm_object_pip_add(object, 1);
	vm_page_iter_limit_init(&pages, object, end);
	again:
	@@ -2061,6 +2061,7 @@
	}
	vm_object_pip_wakeup(object);

	+remove_pager:
	vm_pager_freespace(object, start, (end == 0 ? object->size : end) -
	start);
	}
	@@ -2189,8 +2190,8 @@
	next_size >>= PAGE_SHIFT;
	next_pindex = OFF_TO_IDX(prev_offset) + prev_size;

	- if (prev_object->ref_count > 1 &&
	- prev_object->size != next_pindex &&
	+ if (prev_object->ref_count > 1 \|\|
	+ prev_object->size != next_pindex \|\|
	(prev_object->flags & OBJ_ONEMAPPING) == 0) {
	VM_OBJECT_WUNLOCK(prev_object);
	return (FALSE);
	@@ -2222,26 +2223,13 @@
	* Remove any pages that may still be in the object from a previous
	* deallocation.
	*/
	- if (next_pindex < prev_object->size) {
	- vm_object_page_remove(prev_object, next_pindex, next_pindex +
	- next_size, 0);
	-#if 0
	- if (prev_object->cred != NULL) {
	- KASSERT(prev_object->charge >=
	- ptoa(prev_object->size - next_pindex),
	- ("object %p overcharged 1 %jx %jx", prev_object,
	- (uintmax_t)next_pindex, (uintmax_t)next_size));
	- prev_object->charge -= ptoa(prev_object->size -
	- next_pindex);
	- }
	-#endif
	- }
	+ vm_object_page_remove(prev_object, next_pindex, next_pindex +
	+ next_size, 0);

	/*
	- * Extend the object if necessary.
	+ * Extend the object..
	*/
	- if (next_pindex + next_size > prev_object->size)
	- prev_object->size = next_pindex + next_size;
	+ prev_object->size = next_pindex + next_size;

	VM_OBJECT_WUNLOCK(prev_object);
	return (TRUE);

File Metadata

Mime Type: text/plain
Expires: Mon, Nov 24, 5:01 PM (9 h, 46 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 26066911
Default Alt Text: D53891.id.diff (3 KB)

D53891.id.diff
No OneTemporary
Actions

D53891.id.diff
View Options

File Metadata

Event Timeline

D53891.id.diffNo OneTemporaryActions

D53891.id.diffView Options

File Metadata

Event Timeline

D53891.id.diff
No OneTemporary
Actions

D53891.id.diff
View Options