The loop in vm_map_protect that verifies that all transition map

entries are stabilized, repeatedly verifies the same entry. Check each entry in turn. Reviewed by: kib (code only), alc Tested by: pho MFC after: 7 days Differential Revision: https://reviews.freebsd.org/D22405
svn path=/head/; revision=354785
2019-11-17 06:50:36 +00:00 · 2019-11-17 06:50:36 +00:00 · bdb90e7613 · 2020-12-20 02:59:44 +00:00
commit bdb90e7613
parent 5979bb0b7d
1 changed files with 7 additions and 8 deletions
--- a/sys/vm/vm_map.c
+++ b/sys/vm/vm_map.c
@ -2469,17 +2469,16 @@ vm_map_protect(vm_map_t map, vm_offset_t start, vm_offset_t end,
 			vm_map_unlock(map);
 			return (KERN_PROTECTION_FAILURE);
 		}
-		if ((entry->eflags & MAP_ENTRY_IN_TRANSITION) != 0)
-			in_tran = entry;
+		if ((current->eflags & MAP_ENTRY_IN_TRANSITION) != 0)
+			in_tran = current;
 	}

 	/*
-	 * Postpone the operation until all in transition map entries
-	 * are stabilized.  In-transition entry might already have its
-	 * pages wired and wired_count incremented, but
-	 * MAP_ENTRY_USER_WIRED flag not yet set, and visible to other
-	 * threads because the map lock is dropped.  In this case we
-	 * would miss our call to vm_fault_copy_entry().
+	 * Postpone the operation until all in-transition map entries have
+	 * stabilized.  An in-transition entry might already have its pages
+	 * wired and wired_count incremented, but not yet have its
+	 * MAP_ENTRY_USER_WIRED flag set.  In which case, we would fail to call
+	 * vm_fault_copy_entry() in the final loop below.
 	 */
 	if (in_tran != NULL) {
 		in_tran->eflags |= MAP_ENTRY_NEEDS_WAKEUP;