From 3087914d56ff1d0b1369eb6710964ecd40f1ff8b Mon Sep 17 00:00:00 2001 From: mpi Date: Sat, 6 Apr 2024 10:59:52 +0000 Subject: [PATCH] Prevent accounting bug when an anon w/ swap slot is passed to uvm_anon_release() uvm_anon_release() is always called for anon that have an associated page so decrementing `uvmexp.swpgonly' is incorrect. This happened because the page was cleared before calling uvm_anfree(). Reported by many including mvs@, miod@ and robert@ ok kettenis@, miod@ --- sys/uvm/uvm_anon.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sys/uvm/uvm_anon.c b/sys/uvm/uvm_anon.c index 4c4bf8eef3a..0fc2a0c899c 100644 --- a/sys/uvm/uvm_anon.c +++ b/sys/uvm/uvm_anon.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_anon.c,v 1.57 2023/10/27 19:13:51 mpi Exp $ */ +/* $OpenBSD: uvm_anon.c,v 1.58 2024/04/06 10:59:52 mpi Exp $ */ /* $NetBSD: uvm_anon.c,v 1.10 2000/11/25 06:27:59 chs Exp $ */ /* @@ -260,7 +260,8 @@ uvm_anon_release(struct vm_anon *anon) uvm_unlock_pageq(); KASSERT(anon->an_page == NULL); lock = anon->an_lock; - uvm_anfree(anon); + uvm_anon_dropswap(anon); + pool_put(&uvm_anon_pool, anon); rw_exit(lock); /* Note: extra reference is held for PG_RELEASED case. */ rw_obj_free(lock); -- 2.20.1