Correct a critical accounting error in pmap_demote_pde(). Specifically,

when pmap_demote_pde() allocates a page table page to implement a user-space demotion, it must increment the pmap's resident page count. Not doing so, can lead to an underflow during address space termination that causes pmap_remove() to exit prematurely, before it has destroyed all of the mappings within the specified range. The ultimate effect or symptom of this error is an assertion failure in vm_page_free_toq() because the page being freed is still mapped. This error is only possible when superpage promotion is enabled. Thus, it only affects FreeBSD versions greater than 7.2. Tested by: pho, alc Reviewed by: alc Approved by: re (rwatson) MFC after: 1 week
2009-08-17 13:27:55 +00:00 · 2009-08-17 13:27:55 +00:00 · 78d3e2f45a
commit 78d3e2f45a
parent 75d3b6b740
1 changed files with 2 additions and 0 deletions
--- a/sys/amd64/amd64/pmap.c
+++ b/sys/amd64/amd64/pmap.c
@ -2261,6 +2261,8 @@ pmap_demote_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t va)
 			    " in pmap %p", va, pmap);
 			return (FALSE);
 		}
+		if (va < VM_MAXUSER_ADDRESS)
+			pmap->pm_stats.resident_count++;
 	}
 	mptepa = VM_PAGE_TO_PHYS(mpte);
 	firstpte = (pt_entry_t *)PHYS_TO_DMAP(mptepa);