Page MenuHomeFreeBSD
Files F144266026

D53891.diff
No OneTemporary
Actions

D53891.diff
View Options

diff --git a/sys/vm/vm_object.c b/sys/vm/vm_object.c
--- a/sys/vm/vm_object.c
+++ b/sys/vm/vm_object.c
@@ -2190,8 +2190,8 @@
next_size >>= PAGE_SHIFT;
next_pindex = OFF_TO_IDX(prev_offset) + prev_size;
- if (prev_object->ref_count > 1 &&
- prev_object->size != next_pindex &&
+ if (prev_object->ref_count > 1 ||
+ prev_object->size != next_pindex ||
(prev_object->flags & OBJ_ONEMAPPING) == 0) {
VM_OBJECT_WUNLOCK(prev_object);
return (FALSE);
@@ -2223,26 +2223,51 @@
* Remove any pages that may still be in the object from a previous
* deallocation.
*/
- if (next_pindex < prev_object->size) {
- vm_object_page_remove(prev_object, next_pindex, next_pindex +
- next_size, 0);
-#if 0
- if (prev_object->cred != NULL) {
- KASSERT(prev_object->charge >=
- ptoa(prev_object->size - next_pindex),
- ("object %p overcharged 1 %jx %jx", prev_object,
- (uintmax_t)next_pindex, (uintmax_t)next_size));
- prev_object->charge -= ptoa(prev_object->size -
- next_pindex);
- }
-#endif
- }
+ vm_object_page_remove(prev_object, next_pindex, next_pindex +
+ next_size, 0);
/*
- * Extend the object if necessary.
+ * Extend the object.
*/
- if (next_pindex + next_size > prev_object->size)
- prev_object->size = next_pindex + next_size;
+ prev_object->size = next_pindex + next_size;
+
+#ifdef INVARIANTS
+ /*
+ * Re-check: there must be no pages in the next range
+ * backed by prev_entry's object. Otherwise, the
+ * resulting corruption is same as faulting in
+ * non-zeroed page.
+ */
+ if (vm_check_pg_zero) {
+ vm_page_t m;
+ vm_pindex_t pidx, pstart, pend;
+
+ pstart = OFF_TO_IDX(prev_offset + prev_size);
+ pend = pstart + OFF_TO_IDX(next_size),
+ m = vm_radix_lookup_ge(&prev_object->rtree, pstart);
+ if (m != NULL) {
+ KASSERT(m->pindex >= pend,
+ ("found obj %p page %p pindex %#jx "
+ "e %#jx %#jx %#jx",
+ prev_object, m, (uintmax_t)m->pindex,
+ (uintmax_t)prev_offset,
+ (uintmax_t)prev_size,
+ (uintmax_t)next_size));
+ }
+ for (pidx = pstart; pidx < pend; pidx++) {
+ if (vm_pager_has_page(prev_object, pidx,
+ NULL, NULL)) {
+ KASSERT(1, ("found pager obj %p "
+ "pindex %#jx "
+ "e %#jx %#jx %#jx",
+ prev_object, (uintmax_t)pidx,
+ (uintmax_t)prev_offset,
+ (uintmax_t)prev_size,
+ (uintmax_t)next_size));
+ }
+ }
+ }
+#endif
VM_OBJECT_WUNLOCK(prev_object);
return (TRUE);

File Metadata

Mime Type
text/plain
Expires
Sun, Feb 8, 7:51 AM (26 m, 52 s)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
26265336
Default Alt Text
D53891.diff (2 KB)

Event Timeline