Subject: bug in amap_wiperange?
To: None <tech-kern@netbsd.org>
From: enami tsugutomo <enami@sm.sony.co.jp>
List: tech-kern
Date: 11/26/2001 09:34:24
While reading uvm_amap.c, I found two questionable pieces of code in
amap_wiperange() when byanon == FALSE.

(1) There is a check `curslot >= stop', where `stop' is the initial
value of amap->am_nused. Since it is the number of slots used,
comparing it against `curslot' doesn't make sense. I guess it
should be `slotoff + slots'.

(2) When we remove a slot, we shouldn't advance the index `lcv' since
we'll copy the last entry in am_slots[]. I guess we should stay
there instead.

enami.

Index: uvm_amap.c
===================================================================
RCS file: /cvsroot/syssrc/sys/uvm/uvm_amap.c,v
retrieving revision 1.37
diff -c -r1.37 uvm_amap.c
*** uvm_amap.c 2001/11/10 07:36:59 1.37
--- uvm_amap.c 2001/11/26 00:32:30
***************
*** 990,996 ****
struct vm_amap *amap;
int slotoff, slots;
{
! int byanon, lcv, stop, curslot, ptr;
struct vm_anon *anon;
/*
--- 1011,1017 ----
struct vm_amap *amap;
int slotoff, slots;
{
! int byanon, lcv, stop, curslot, ptr, slotstop;
struct vm_anon *anon;
/*
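Review bot: in the new declaration line, `slotstop` has no initializer, and the only assignment in this patch sits in the byanon == FALSE branch, so a compiler may flag it as possibly used uninitialized; initializing it at the declaration or computing `slotoff + slots` before the branch would avoid that. Separately, the old range starts at line 990 and the new one at 1011 although this is the first hunk shown, so the working copy differs from 1.37 earlier in the file in ways this mail does not show; those changes should be posted or dropped before this is applied.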
***************
*** 1006,1024 ****
byanon = FALSE;
lcv = 0;
stop = amap->am_nused;
}
! for (; lcv < stop; lcv++) {
int refs;
if (byanon) {
! if (amap->am_anon[lcv] == NULL)
continue;
- curslot = lcv;
} else {
curslot = amap->am_slots[lcv];
! if (curslot < slotoff || curslot >= stop)
continue;
}
anon = amap->am_anon[curslot];
--- 1027,1049 ----
byanon = FALSE;
lcv = 0;
stop = amap->am_nused;
+ slotstop = slotoff + slots;
}
! for (; lcv < stop;) {
int refs;
if (byanon) {
! curslot = lcv++;
! if (amap->am_anon[curslot] == NULL)
continue;
} else {
curslot = amap->am_slots[lcv];
! if (curslot < slotoff || curslot >= slotstop) {
! lcv++;
continue;
+ }
+ stop--;
}
anon = amap->am_anon[curslot];
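Review bot: in the byanon == FALSE branch, `stop--` is taken as soon as the range check passes, before the entry has been removed from am_slots[], and the loop now terminates only because every pass that leaves `lcv` alone also shrinks `stop`. That coupling should be spelled out in a comment, and the decrement would be safer next to the code that copies the last entry into am_slots[], so that a `continue` added between the two later cannot leave `lcv` and `stop` out of step. With the increment gone from the loop header, `for (; lcv < stop;)` would also read more plainly as `while (lcv < stop)`.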
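The two points in the message can be reproduced on a small model. The following is an added example, not NetBSD code and not part of the original post: `struct toy_amap` and the `toy_*` functions are hypothetical stand-ins that keep only the `am_anon[]`, `am_slots[]` and `am_nused` fields, and removal is reduced to copying the last `am_slots[]` entry over the removed one.

```c
#define NSLOT 16

/* Toy stand-in for struct vm_amap (constructed): am_anon[] is indexed by slot,
 * 0 = empty; am_slots[0..am_nused-1] is the dense, unordered list of used slots. */
struct toy_amap { int am_anon[NSLOT]; int am_slots[NSLOT]; int am_nused; };

static void toy_init(struct toy_amap *a, const int *used, int n)
{
    int i;
    for (i = 0; i < NSLOT; i++) a->am_anon[i] = a->am_slots[i] = 0;
    for (i = 0; i < n; i++) { a->am_slots[i] = used[i]; a->am_anon[used[i]] = 1; }
    a->am_nused = n;
}

/* Remove dense-list entry lcv by copying the last entry over it. */
static void toy_remove(struct toy_amap *a, int lcv)
{
    a->am_anon[a->am_slots[lcv]] = 0;
    a->am_slots[lcv] = a->am_slots[--a->am_nused];
}

/* patched == 0: loop as in revision 1.37; patched == 1: loop as in the diff. */
static void toy_wipe(struct toy_amap *a, int slotoff, int slots, int patched)
{
    int lcv = 0, stop = a->am_nused, curslot;
    int slotstop = patched ? slotoff + slots : stop;
    while (lcv < stop) {
        curslot = a->am_slots[lcv];
        if (curslot < slotoff || curslot >= slotstop) { lcv++; continue; }
        toy_remove(a, lcv);
        if (patched) stop--;  /* stay on lcv: it now holds the old last entry */
        else lcv++;           /* old loop: the copied-in entry is never examined */
    }
}

/* Number of anons still present in [slotoff, slotoff + slots). */
static int toy_left(const struct toy_amap *a, int slotoff, int slots)
{
    int s, n = 0;
    for (s = slotoff; s < slotoff + slots; s++) n += (a->am_anon[s] != 0);
    return n;
}

/* 1 if every dense-list entry names a slot that still holds an anon. */
static int toy_consistent(const struct toy_amap *a)
{
    int i;
    for (i = 0; i < a->am_nused; i++) if (a->am_anon[a->am_slots[i]] == 0) return 0;
    return 1;
}
```

With used slots {2, 9, 10, 3} and a wipe of slots 9..10, the old loop removes nothing because both slot numbers exceed the entry count; with {0, 5, 1} and a wipe of 0..1, it leaves `am_slots[]` naming an emptied slot.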