When pmap_page_remove() is called by UVM, a physical page is to be

removed from pmaps it currently is in.  To check if a virtual address
pointing to that physical page has been mapped, the code uses
the l2pte_valid() function.  Unfortunately there is a difference
between being valid and the PTE being zero.  If a page is mapped
but has never been accessed, it will be non-zero but invalid.

In that case the PTE for that virtual address will not be zeroed
and the virtual address will be removed from the vm page struct.

The next time someone tries to map a page to that virtual address,
other pmap code will consider the virtual address to be already
mapped, even though that assumption is completely wrong.

To make sure this does not happen, check the PTE for zero.  This way
the PTE will be zeroed correctly.  The check for zero is how other
ARM pmap code also handles this issue.

ok kettenis@ tom@

diff --git a/sys/arch/arm/arm/pmap7.c b/sys/arch/arm/arm/pmap7.c
index 0d32bf9..c341432 100644 (file)
--- a/sys/arch/arm/arm/pmap7.c
+++ b/sys/arch/arm/arm/pmap7.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pmap7.c,v 1.27 2016/07/19 02:26:15 tom Exp $  */
+/*     $OpenBSD: pmap7.c,v 1.28 2016/07/27 21:12:49 patrick Exp $      */
 /*     $NetBSD: pmap.c,v 1.147 2004/01/18 13:03:50 scw Exp $   */
 
 /*
@@ -1155,7 +1155,7 @@ pmap_page_remove(struct vm_page *pg)
                KDASSERT(l2b != NULL);
 
                ptep = &l2b->l2b_kva[l2pte_index(pv->pv_va)];
-               if (l2pte_valid(*ptep)) {
+               if (*ptep != 0) {
                        pte = *ptep;
 
                        /* inline pmap_is_current(pm) */