From 784a620ee32e887ac9fba0f07c5dfa2cb850988f Mon Sep 17 00:00:00 2001
From: alc
Date: Fri, 17 Apr 2009 16:42:03 +0000
Subject: [PATCH] MFC r175055 Defer setting either PG_CACHED or PG_FREE until after the free page queues lock is acquired. Otherwise, the state of a reservation's pages' flags and its population count can be inconsistent. That could result in a page being freed twice. (This change should have been included in the MFC of the superpages support.) Thanks to: pho for an illuminating crash Approved by: re (kib)
git-svn-id: svn://svn.freebsd.org/base/releng/7.2@191209 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 sys/vm/vm_page.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sys/vm/vm_page.c b/sys/vm/vm_page.c
index 97633d4b..6204e9cc 100644
--- a/sys/vm/vm_page.c
+++ b/sys/vm/vm_page.c
@@ -1402,8 +1402,8 @@ vm_page_free_toq(vm_page_t m)
 m->flags &= ~PG_ZERO;
 vm_page_enqueue(PQ_HOLD, m);
 } else {
- m->flags |= PG_FREE;
 mtx_lock(&vm_page_queue_free_mtx);
+ m->flags |= PG_FREE;
 cnt.v_free_count++;
 #if VM_NRESERVLEVEL > 0
 if (!vm_reserv_free_page(m))
@@ -1654,9 +1654,9 @@ vm_page_cache(vm_page_t m)
 * Insert the page into the object's collection of cached pages
 * and the physical memory allocator's cache/free page queues.
 */
- vm_page_flag_set(m, PG_CACHED);
 vm_page_flag_clear(m, PG_ZERO);
 mtx_lock(&vm_page_queue_free_mtx);
+ m->flags |= PG_CACHED;
 cnt.v_cache_count++;
 root = object->cache;
 if (root == NULL) {
-- 
2.42.0
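Review bot: Nothing at the moved `m->flags |= PG_FREE;` in vm_page_free_toq() records that it has to come after `mtx_lock(&vm_page_queue_free_mtx)`, so a later tidy-up could hoist it back out and reintroduce the double free described in the commit message. I would put a comment directly above it, for example `/* Set PG_FREE only with the free queue lock held, so a reservation's page flags and population count stay consistent. */`. The same applies to `m->flags |= PG_CACHED;` in the vm_page_cache() hunk. Both functions begin and end outside their hunks, so whether an assertion on the page's prior free/cached state already exists cannot be judged from here.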
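Review bot: In vm_page_cache() the new `m->flags |= PG_CACHED;` stores to the flags word directly, while the neighbouring `vm_page_flag_clear(m, PG_ZERO)` still goes through the accessor and still runs before `mtx_lock(&vm_page_queue_free_mtx)`. Two update styles under two lock states on the same field are easy to misread as an oversight. If the accessor was dropped because of the locking it expects (its definition is not visible in this hunk), a short comment should say so, for example `/* Direct store: PG_CACHED is set under the free queue lock rather than via vm_page_flag_set(). */`. It would also help to state whether clearing PG_ZERO before taking the lock is intentional. The function body continues outside the hunk.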