From a505393fd1a1920367affae433de8573462fe68c Mon Sep 17 00:00:00 2001
From: Matthew Dillon
Date: Tue, 1 Nov 2011 23:42:06 -0700
Subject: [PATCH] kernel - Fix x86-64 pmap race

* Fix a x86-64 pmap race where a pte can get ripped out from under the pmap_remove*() code. Recheck the pte after locking pt_pv.
---
 sys/platform/pc64/x86_64/pmap.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/sys/platform/pc64/x86_64/pmap.c b/sys/platform/pc64/x86_64/pmap.c
index ce6e44e43f..2ef1346075 100644
--- a/sys/platform/pc64/x86_64/pmap.c
+++ b/sys/platform/pc64/x86_64/pmap.c
@@ -2801,6 +2801,17 @@ kernel_skip:
 pte_pv = pv_get(pmap, pmap_pte_pindex(sva));
 }
 
+ /*
+ * *ptep can get ripped out while we were blocked.
+ */
+ if (*ptep == 0) {
+ if (pte_pv) {
+ pv_put(pte_pv);
+ pte_pv = NULL;
+ }
+ continue;
+ }
+
 /*
 * Ready for the callback. The locked pte_pv (if
 * not NULL) is consumed by the callback.
--
2.41.0
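Review bot: The new `continue` in the `if (*ptep == 0)` branch leaves `sva` and `ptep` unchanged in the visible lines, so forward progress depends on the loop head, which lies outside this hunk, skipping an empty pte on the next pass. If that is how the loop works, the comment should say so, for example `* *ptep can get ripped out while we were blocked in pv_get(); drop the pv and let the loop top step past the now-empty pte.` The recheck is also a plain read of `*ptep` that tests only for zero, so a one-line note on why a pte that was cleared and then re-entered while blocked is safe to hand to the callback would help the next reader. The commit message says the recheck follows locking `pt_pv`, whereas the code places it after `pte_pv` is acquired.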