Address two problems with sendfile(..., SF_NOCACHE) and apply one

"optimization".  First, sendfile(..., SF_NOCACHE) frees pages without
checking whether those pages are mapped.  This can leave the system
with mappings to free or repurposed pages.  Second, a page can be
busied between the time of the current busy test and acquiring the
object lock.  Essentially, the test performed before the object lock
is acquired can only be regarded as an optimization to short-circuit
further work on the page.  It cannot, however, be relied upon to prove
that it is safe to free the page.  Third, when sendfile(..., SF_NOCACHE)
was originally implemented, vm_page_deactivate_noreuse() did not yet
exist.  Use vm_page_deactivate_noreuse() instead of vm_page_deactivate(),
because it comes closer to freeing the page.

In collaboration with:	glebius
Discussed with:	gallatin, kib, markj
X-MFC after:	r324448

sys/kern/kern_sendfile.c

@@ -143,10 +143,23 @@ sendfile_free_page(vm_page_t pg, bool nocache)
 			vm_page_free(pg);
 		else if (nocache) {
 			if (!vm_page_xbusied(pg) && VM_OBJECT_TRYWLOCK(obj)) {
-				vm_page_free(pg);
+				bool freed;
+
+				/* Only free unmapped pages. */
+				if (obj->ref_count == 0 ||
+				    !pmap_page_is_mapped(pg))
+					/*
+					 * The busy test before the object is
+					 * locked cannot be relied upon.
+					 */
+					freed = vm_page_try_to_free(pg);
+				else
+					freed = false;
 				VM_OBJECT_WUNLOCK(obj);
+				if (!freed)
+					vm_page_deactivate_noreuse(pg);
 			} else
-				vm_page_deactivate(pg);
+				vm_page_deactivate_noreuse(pg);
 		}
 	}
 	vm_page_unlock(pg);