Date: Sat, 5 Feb 2011 21:21:28 +0000 (UTC) From: Alan Cox <alc@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r218345 - in head/sys: fs/nfsserver nfsserver security/mac vm Message-ID: <201102052121.p15LLSci041290@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: alc Date: Sat Feb 5 21:21:27 2011 New Revision: 218345 URL: http://svn.freebsd.org/changeset/base/218345 Log: Unless "cnt" exceeds MAX_COMMIT_COUNT, nfsrv_commit() and nfsvno_fsync() are incorrectly calling vm_object_page_clean(). They are passing the length of the range rather than the ending offset of the range. Perform the OFF_TO_IDX() conversion in vm_object_page_clean() rather than the callers. Reviewed by: kib MFC after: 3 weeks Modified: head/sys/fs/nfsserver/nfs_nfsdport.c head/sys/nfsserver/nfs_serv.c head/sys/security/mac/mac_process.c head/sys/vm/vm_object.c head/sys/vm/vm_object.h Modified: head/sys/fs/nfsserver/nfs_nfsdport.c ============================================================================== --- head/sys/fs/nfsserver/nfs_nfsdport.c Sat Feb 5 21:02:13 2011 (r218344) +++ head/sys/fs/nfsserver/nfs_nfsdport.c Sat Feb 5 21:21:27 2011 (r218345) @@ -1225,7 +1225,8 @@ nfsvno_fsync(struct vnode *vp, u_int64_t if (vp->v_object && (vp->v_object->flags & OBJ_MIGHTBEDIRTY)) { VM_OBJECT_LOCK(vp->v_object); - vm_object_page_clean(vp->v_object, off / PAGE_SIZE, (cnt + PAGE_MASK) / PAGE_SIZE, OBJPC_SYNC); + vm_object_page_clean(vp->v_object, off, off + cnt, + OBJPC_SYNC); VM_OBJECT_UNLOCK(vp->v_object); } Modified: head/sys/nfsserver/nfs_serv.c ============================================================================== --- head/sys/nfsserver/nfs_serv.c Sat Feb 5 21:02:13 2011 (r218344) +++ head/sys/nfsserver/nfs_serv.c Sat Feb 5 21:21:27 2011 (r218345) @@ -3480,7 +3480,8 @@ nfsrv_commit(struct nfsrv_descript *nfsd if (vp->v_object && (vp->v_object->flags & OBJ_MIGHTBEDIRTY)) { VM_OBJECT_LOCK(vp->v_object); - vm_object_page_clean(vp->v_object, off / PAGE_SIZE, (cnt + PAGE_MASK) / PAGE_SIZE, OBJPC_SYNC); + vm_object_page_clean(vp->v_object, off, off + cnt, + OBJPC_SYNC); VM_OBJECT_UNLOCK(vp->v_object); } Modified: head/sys/security/mac/mac_process.c ============================================================================== --- head/sys/security/mac/mac_process.c Sat Feb 5 21:02:13 2011 (r218344) +++ head/sys/security/mac/mac_process.c Sat Feb 5 21:21:27 2011 (r218345) @@ -338,11 +338,8 @@ mac_proc_vm_revoke_recurse(struct thread (void) vn_start_write(vp, &mp, V_WAIT); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); VM_OBJECT_LOCK(object); - vm_object_page_clean(object, - OFF_TO_IDX(offset), - OFF_TO_IDX(offset + vme->end - vme->start + - PAGE_MASK), - OBJPC_SYNC); + vm_object_page_clean(object, offset, offset + + vme->end - vme->start, OBJPC_SYNC); VM_OBJECT_UNLOCK(object); VOP_UNLOCK(vp, 0); vn_finished_write(mp); Modified: head/sys/vm/vm_object.c ============================================================================== --- head/sys/vm/vm_object.c Sat Feb 5 21:02:13 2011 (r218344) +++ head/sys/vm/vm_object.c Sat Feb 5 21:21:27 2011 (r218345) @@ -795,11 +795,11 @@ vm_object_page_remove_write(vm_page_t p, * The object must be locked. */ void -vm_object_page_clean(vm_object_t object, vm_pindex_t start, vm_pindex_t end, +vm_object_page_clean(vm_object_t object, vm_ooffset_t start, vm_ooffset_t end, int flags) { vm_page_t np, p; - vm_pindex_t pi, tend; + vm_pindex_t pi, tend, tstart; int clearobjflags, curgeneration, n, pagerflags; mtx_assert(&vm_page_queue_mtx, MA_NOTOWNED); @@ -813,13 +813,14 @@ vm_object_page_clean(vm_object_t object, VM_PAGER_PUT_SYNC : VM_PAGER_CLUSTER_OK; pagerflags |= (flags & OBJPC_INVAL) != 0 ? VM_PAGER_PUT_INVAL : 0; - tend = (end == 0) ? object->size : end; - clearobjflags = start == 0 && tend == object->size; + tstart = OFF_TO_IDX(start); + tend = (end == 0) ? object->size : OFF_TO_IDX(end + PAGE_MASK); + clearobjflags = tstart == 0 && tend >= object->size; rescan: curgeneration = object->generation; - for (p = vm_page_find_least(object, start); p != NULL; p = np) { + for (p = vm_page_find_least(object, tstart); p != NULL; p = np) { pi = p->pindex; if (pi >= tend) break; @@ -941,10 +942,7 @@ vm_object_sync(vm_object_t object, vm_oo flags = (syncio || invalidate) ? OBJPC_SYNC : 0; flags |= invalidate ? OBJPC_INVAL : 0; VM_OBJECT_LOCK(object); - vm_object_page_clean(object, - OFF_TO_IDX(offset), - OFF_TO_IDX(offset + size + PAGE_MASK), - flags); + vm_object_page_clean(object, offset, offset + size, flags); VM_OBJECT_UNLOCK(object); VOP_UNLOCK(vp, 0); VFS_UNLOCK_GIANT(vfslocked); Modified: head/sys/vm/vm_object.h ============================================================================== --- head/sys/vm/vm_object.h Sat Feb 5 21:02:13 2011 (r218344) +++ head/sys/vm/vm_object.h Sat Feb 5 21:21:27 2011 (r218345) @@ -217,7 +217,8 @@ void vm_object_destroy (vm_object_t); void vm_object_terminate (vm_object_t); void vm_object_set_writeable_dirty (vm_object_t); void vm_object_init (void); -void vm_object_page_clean (vm_object_t, vm_pindex_t, vm_pindex_t, boolean_t); +void vm_object_page_clean(vm_object_t object, vm_ooffset_t start, + vm_ooffset_t end, int flags); void vm_object_page_remove (vm_object_t, vm_pindex_t, vm_pindex_t, boolean_t); boolean_t vm_object_populate(vm_object_t, vm_pindex_t, vm_pindex_t); void vm_object_print(long addr, boolean_t have_addr, long count, char *modif);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201102052121.p15LLSci041290>