From c4be9169c063c09509250e279bc791fd802b111f Mon Sep 17 00:00:00 2001 From: Konstantin Belousov Date: Tue, 13 Feb 2018 15:36:28 +0000 Subject: [PATCH] Do not leak rv->psind in some specific situations. Suppose that we have an object with a mapped superpage, and that all pages in the superpages are held (by some driver). Additionally, suppose that the object is terminated, e.g. because the only process mapping it is exiting. Then the reservation is broken, but the pages cannot be freed until later, when they are unheld. In this situation, the reservation code cannot clean psind, since no pages are freed, and the page is freed and then reused with invalid psind. Clean psind on vm_reserv_break() to avoid the situation. Reported and tested by: Slava Shwartsman Reviewed by: markj Sponsored by: Mellanox Technologies MFC after: 1 week Differential revision: https://reviews.freebsd.org/D14335 --- sys/vm/vm_reserv.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/vm/vm_reserv.c b/sys/vm/vm_reserv.c index da7c36297302..faf1fc858299 100644 --- a/sys/vm/vm_reserv.c +++ b/sys/vm/vm_reserv.c @@ -949,6 +949,7 @@ vm_reserv_break(vm_reserv_t rv, vm_page_t m) vm_domain_free_assert_locked(VM_DOMAIN(rv->domain)); vm_reserv_remove(rv); + rv->pages->psind = 0; if (m != NULL) { /* * Since the reservation is being broken, there is no harm in
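Review bot: the new line `rv->pages->psind = 0;` in vm_reserv_break() carries no comment, and the reasoning from the commit message (held pages surviving a broken reservation and later being reused with a stale psind) is exactly the kind of non-obvious invariant that should live next to the code; add a short comment such as `/* Clear psind: held pages may outlive the reservation and be reused. */` above the assignment. The fix also clears psind only on `rv->pages`, the first page of the reservation, so it depends on psind being maintained on that page alone; that invariant is not visible in the hunk, and the same comment should state it so a future change that sets psind elsewhere does not silently reintroduce the leak. Placement after `vm_reserv_remove(rv)` and before the `if (m != NULL)` branch is correct, since both the partial and full break paths then see the cleared field.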