From owner-svn-src-stable@FreeBSD.ORG  Mon Jul 25 18:46:54 2011
Return-Path: <owner-svn-src-stable@FreeBSD.ORG>
Delivered-To: svn-src-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BDC6B106564A;
	Mon, 25 Jul 2011 18:46:54 +0000 (UTC)
	(envelope-from marius@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 934398FC19;
	Mon, 25 Jul 2011 18:46:54 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id p6PIkstX071495;
	Mon, 25 Jul 2011 18:46:54 GMT (envelope-from marius@svn.freebsd.org)
Received: (from marius@localhost)
	by svn.freebsd.org (8.14.4/8.14.4/Submit) id p6PIksDM071492;
	Mon, 25 Jul 2011 18:46:54 GMT (envelope-from marius@svn.freebsd.org)
Message-Id: <201107251846.p6PIksDM071492@svn.freebsd.org>
From: Marius Strobl <marius@FreeBSD.org>
Date: Mon, 25 Jul 2011 18:46:54 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
X-SVN-Group: stable-8
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r224376 - in stable/8/sys: kern sparc64/sparc64
X-BeenThere: svn-src-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for all the -stable branches of the src tree
	<svn-src-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-stable>, 
	<mailto:svn-src-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable>
List-Post: <mailto:svn-src-stable@freebsd.org>
List-Help: <mailto:svn-src-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-stable>,
	<mailto:svn-src-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jul 2011 18:46:54 -0000

Author: marius
Date: Mon Jul 25 18:46:54 2011
New Revision: 224376
URL: http://svn.freebsd.org/changeset/base/224376

Log:
  MFC: r223795
  
  Call pmap_qremove() before freeing or unwiring the pages, otherwise
  there's a window during which a page can be re-used before its previous
  mapping is removed.
  
  Reviewed by:	alc

Modified:
  stable/8/sys/kern/vfs_bio.c
  stable/8/sys/sparc64/sparc64/pmap.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)
  stable/8/sys/geom/label/   (props changed)

Modified: stable/8/sys/kern/vfs_bio.c
==============================================================================
--- stable/8/sys/kern/vfs_bio.c	Mon Jul 25 18:44:46 2011	(r224375)
+++ stable/8/sys/kern/vfs_bio.c	Mon Jul 25 18:46:54 2011	(r224376)
@@ -1602,6 +1602,7 @@ vfs_vmio_release(struct buf *bp)
 	int i;
 	vm_page_t m;
 
+	pmap_qremove(trunc_page((vm_offset_t)bp->b_data), bp->b_npages);
 	VM_OBJECT_LOCK(bp->b_bufobj->bo_object);
 	vm_page_lock_queues();
 	for (i = 0; i < bp->b_npages; i++) {
@@ -1638,7 +1639,6 @@ vfs_vmio_release(struct buf *bp)
 	}
 	vm_page_unlock_queues();
 	VM_OBJECT_UNLOCK(bp->b_bufobj->bo_object);
-	pmap_qremove(trunc_page((vm_offset_t) bp->b_data), bp->b_npages);
 	
 	if (bp->b_bufsize) {
 		bufspacewakeup();
@@ -2995,6 +2995,10 @@ allocbuf(struct buf *bp, int size)
 			if (desiredpages < bp->b_npages) {
 				vm_page_t m;
 
+				pmap_qremove((vm_offset_t)trunc_page(
+				    (vm_offset_t)bp->b_data) +
+				    (desiredpages << PAGE_SHIFT),
+				    (bp->b_npages - desiredpages));
 				VM_OBJECT_LOCK(bp->b_bufobj->bo_object);
 				vm_page_lock_queues();
 				for (i = desiredpages; i < bp->b_npages; i++) {
@@ -3014,8 +3018,6 @@ allocbuf(struct buf *bp, int size)
 				}
 				vm_page_unlock_queues();
 				VM_OBJECT_UNLOCK(bp->b_bufobj->bo_object);
-				pmap_qremove((vm_offset_t) trunc_page((vm_offset_t)bp->b_data) +
-				    (desiredpages << PAGE_SHIFT), (bp->b_npages - desiredpages));
 				bp->b_npages = desiredpages;
 			}
 		} else if (size > bp->b_bcount) {

Modified: stable/8/sys/sparc64/sparc64/pmap.c
==============================================================================
--- stable/8/sys/sparc64/sparc64/pmap.c	Mon Jul 25 18:44:46 2011	(r224375)
+++ stable/8/sys/sparc64/sparc64/pmap.c	Mon Jul 25 18:46:54 2011	(r224376)
@@ -1290,6 +1290,7 @@ pmap_release(pmap_t pm)
 			pc->pc_pmap = NULL;
 	mtx_unlock_spin(&sched_lock);
 
+	pmap_qremove((vm_offset_t)pm->pm_tsb, TSB_PAGES);
 	obj = pm->pm_tsb_obj;
 	VM_OBJECT_LOCK(obj);
 	KASSERT(obj->ref_count == 1, ("pmap_release: tsbobj ref count != 1"));
@@ -1307,7 +1308,6 @@ pmap_release(pmap_t pm)
 		vm_page_unlock_queues();
 	}
 	VM_OBJECT_UNLOCK(obj);
-	pmap_qremove((vm_offset_t)pm->pm_tsb, TSB_PAGES);
 	PMAP_LOCK_DESTROY(pm);
 }