On Wed, May 30, 2012 at 09:33:38PM -0700, Philip Guenther wrote:
> The problem was in the handling of munlock(addr, 0).  The zero length case 
> wasn't detected, resulting in an iterator being started after its end 
> point.  :-/
> 
> The diff below fixes the code to have munlock() return success when len==0 
> and adds an assertion to catch the iterators getting screwed up by other 
> means.  With this, I was unable to get bitcoind to crash my system.

Weird case... okay by me.

> 
> 
> Philip
> 
> Index: uvm/uvm_map.c
> ===================================================================
> RCS file: /cvs/src/sys/uvm/uvm_map.c,v
> retrieving revision 1.153
> diff -u -p -r1.153 uvm_map.c
> --- uvm/uvm_map.c     19 Apr 2012 12:42:03 -0000      1.153
> +++ uvm/uvm_map.c     31 May 2012 04:30:19 -0000
> @@ -2054,6 +2054,8 @@ uvm_map_pageable(struct vm_map *map, vad
>  
>       if (start > end)
>               return EINVAL;
> +     if (start == end)
> +             return 0;       /* nothing to do */
>       if (start < map->min_offset)
>               return EFAULT; /* why? see first XXX below */
>       if (end > map->max_offset)
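
Review bot: the new start == end early return sits above the start < map->min_offset and end > map->max_offset checks, so a zero-length request on an address outside the map now returns 0 instead of reaching the range checks (EFAULT for a start below min_offset). If that is intended, the comment should say so rather than just "nothing to do"; if not, move the two added lines below the bounds checks. The return is also added in uvm_map_pageable itself, so the description should say that every caller of this function gets success for an empty range, not only munlock().
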
> @@ -2106,8 +2108,10 @@ uvm_map_pageable(struct vm_map *map, vad
>                       error = EINVAL;
>                       goto out;
>               }
> -     } else
> +     } else {
> +             KASSERT(last != first);
>               last = RB_PREV(uvm_map_addr, &map->addr, last);
> +     }
>  
>       /*
>        * Wire/unwire pages here.
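
Review bot: KASSERT(last != first) in the else branch carries no comment stating the invariant it guards. Please add one line explaining that the empty range is already returned at function entry, so last == first here would make RB_PREV step the end iterator in front of the start, and say why last cannot equal first for a non-empty range that falls inside a single map entry. The assertion also covers only this branch; the branch above it (the one ending in error = EINVAL; goto out;) is not shown to be safe from the same inverted pair.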
