From owner-freebsd-bugs  Sun Dec 17 23:00:04 1995
Return-Path: owner-bugs
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id XAA07653
          for bugs-outgoing; Sun, 17 Dec 1995 23:00:04 -0800 (PST)
Received: (from gnats@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id XAA07630
          Sun, 17 Dec 1995 23:00:02 -0800 (PST)
Resent-Date: Sun, 17 Dec 1995 23:00:02 -0800 (PST)
Resent-Message-Id: <199512180700.XAA07630@freefall.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, aagero@aage.aage.priv.no
Received: from birk04.studby.uio.no (root@birk04.studby.uio.no [129.240.214.13])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id WAA07581
          for <FreeBSD-gnats-submit@freebsd.org>; Sun, 17 Dec 1995 22:58:21 -0800 (PST)
Received: (from aagero@localhost) by birk04.studby.uio.no (8.7.3/FreeBSD1.0æøå) id HAA12860; Mon, 18 Dec 1995 07:58:18 +0100 (MET)
Message-Id: <199512180658.HAA12860@birk04.studby.uio.no>
Date: Mon, 18 Dec 1995 07:58:18 +0100 (MET)
From: aagero@aage.aage.priv.no
Reply-To: aagero@aage.aage.priv.no
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: kern/901: busy pages get free'd by vm_page_free
Sender: owner-bugs@freebsd.org
Precedence: bulk


>Number:         901
>Category:       kern
>Synopsis:       vm_page_free frees wrong pages in vfs_bio.c
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Dec 17 23:00:01 PST 1995
>Last-Modified:
>Originator:     Åge Røbekk
>Organization:
>Release:        FreeBSD 2.2-CURRENT i386
>Environment:

FreeBSD-CURRENT 14. dec. sources.

>Description:

vm_page_free() in vfs_bio.c has an incorrent index of the free(?) pages. When
vm_hold_free_pages() calls vm_page_free() it points to the wrong page due to
the index being a signed datatype.

>How-To-Repeat:

Do a lot of activity, in order to get the paging moving. Usually ls -lR / has
been sufficient.

>Fix:

Apply the included patch.
	
--- kern/vfs_bio.c      Sun Dec 17 02:51:17 1995
+++ kern/vfs_bio.c~     Sun Dec 17 02:51:04 1995
@@ -1634,7 +1634,7 @@
        vm_offset_t to = round_page(toa);
 
        for (pg = from; pg < to; pg += PAGE_SIZE) {
-               int index = ((caddr_t) pg - bp->b_data) >> PAGE_SHIFT;
+               unsigned int index = ((caddr_t) pg - bp->b_data) >> PAGE_SHIFT;
                p = bp->b_pages[index];
                bp->b_pages[index] = 0;
                pmap_kremove(pg);

>Audit-Trail:
>Unformatted: