>Number:         24595
>Category:       kern
>Synopsis:       uvm_fault: writable mapping for loaned out page
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Feb 29 02:56:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Stephan Uphoff
>Release:        current
>Organization:
>Environment:
N/A
>Description:
uvm_fault can pmap_enter pages in the neighborhood of the fault
address. (Based on memory advise of the corresponding map entry)

Unfortunately it does not check the loan count while
mapping object pages for the fault neighborhood.
( Anon pages are checked - page at fault address is checked ) 

This can cause loaned out object pages to be write mapped.

>How-To-Repeat:

>Fix:
Check the loan count - skip pmap_enter or map read only
>Release-Note:
>Audit-Trail:
>Unformatted: