CVS commit: syssrc

[Jason R Thorpe <thorpej%netbsd.org@localhost>]

Module Name:    syssrc
Committed By:   thorpej
Date:           Wed Jun 16 23:02:40 UTC 1999

Modified Files:
        syssrc/sys/uvm: uvm_fault.c

Log Message:
When unwiring a range in uvm_fault_unwire_locked(), don't call
pmap_change_wiring(...,FALSE) unless the map entry claims the address
is unwired.  This fixes the following scenario, as described on
tech-kern%netbsd.org@localhost on Wed 6/16/1999 12:25:23:

        - User mlock(2)'s a buffer, to guarantee it will never become
          non-resident while he is using it.

        - User then does physio to that buffer.  Physio calls uvm_vslock()
          to lock down the pages and ensure that page faults do not happen
          while the I/O is in progress (possibly in interrupt context).

        - Physio does the I/O.

        - Physio calls uvm_vsunlock().  This calls uvm_fault_unwire().

          >>> HERE IS WHERE THE PROBLEM OCCURS <<<

          uvm_fault_unwire() calls pmap_change_wiring(..., FALSE),
          which now gives the pmap free reign to recycle the mapping
          information for that page, which is illegal; the mapping is
          still wired (due to the mlock(2)), but now access of the
          page could cause a non-protection page fault (disallowed).

          NOTE: This could eventually lead to a panic when the user
          subsequently munlock(2)'s the buffer and the mapping info
          has been recycled for use by another mapping!


To generate a diff of this commit:
cvs rdiff -r1.36 -r1.37 syssrc/sys/uvm/uvm_fault.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.