662d471da6
of this micro-optimization occurs when we call pmap_enter() to wire an already mapped page. Because of the micro-optimization, we fail to mark the PTE as wired. Later, on teardown of the address space, pmap_remove_pages() destroys the PTE before vm_fault_unwire() has unwired the page. (pmap_remove_pages() is not supposed to destroy wired PTEs. They are destroyed by a later call to pmap_remove().) Thus, the page becomes lost. Note: The page is not lost if the application called munlock(2), only if it relies on teardown of the address space to unwire its pages. For the historically inclined, this bug was introduced by a megacommit, revision 1.182, roughly six years ago. Leak observed by: green@ and dillon independently Patch submitted by: dillon at backplane dot com Reviewed by: tegge@ MFC after: 1 week