kernel - Fix long-standing vm_map token panic
author Matthew Dillon <dillon@apollo.backplane.com>
Thu, 16 Aug 2012 17:46:33 +0000 (10:46 -0700)
committer Matthew Dillon <dillon@apollo.backplane.com>
Tue, 21 Aug 2012 03:59:23 +0000 (20:59 -0700)
* Bug turned out to be an error path in vm_map_find().

* This bug ate a lot of hours from several people, but Antonio was able
  to instrument the token path in a way that allowed us to narrow down
  and locate the problem.

Submitted-by: tuxillo, vsrinivas
Debugging-by: tuxillo
sys/vm/vm_map.c

index e3fd77e..a1da959 100644 (file)
@@ -1266,6 +1266,8 @@ vm_map_find(vm_map_t map, vm_object_t object, vm_ooffset_t offset,
                vm_object_hold(object);
        if (fitit) {
                if (vm_map_findspace(map, start, length, align, 0, addr)) {
+                       if (object)
+                               vm_object_drop(object);
                        vm_map_unlock(map);
                        vm_map_entry_release(count);
                        return (KERN_NO_SPACE);
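
Review bot: The KERN_NO_SPACE branch now spells out three cleanup steps by hand (vm_object_drop, vm_map_unlock, vm_map_entry_release), and a hand-copied cleanup list is how this return came to miss the drop that pairs with vm_object_hold(object) just above the if (fitit) block. Consider sending this return through a single exit label that drops the object when it is non-NULL, unlocks the map and releases the entry count, so a later error path added to vm_map_find() cannot leave the object held. Only this one return is visible in the hunk, so it is worth confirming that every other return after the hold has the matching drop. A one-line comment beside the new lines saying that they balance the earlier hold would help too, since the commit message says only "an error path in vm_map_find()" and does not name what was left held.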