git: d7bc2ee3dedd - stable/15 - vm_object_coalesce(): check that coalescing does not revive stale pages

The branch stable/15 has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=d7bc2ee3dedde2a9188234a563c4259c480d2664

commit d7bc2ee3dedde2a9188234a563c4259c480d2664
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2025-11-22 18:43:57 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2025-12-24 00:33:00 +0000

    vm_object_coalesce(): check that coalescing does not revive stale pages
    
    (cherry picked from commit f94bfc469df9a2bc78ed15cc42525d09e3413e0b)
---
 sys/vm/vm_object.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/sys/vm/vm_object.c b/sys/vm/vm_object.c
index 413ba5459e3d..117900135ac3 100644
--- a/sys/vm/vm_object.c
+++ b/sys/vm/vm_object.c
@@ -2244,6 +2244,23 @@ vm_object_coalesce(vm_object_t prev_object, vm_ooffset_t prev_offset,
 	if (next_pindex + next_size > prev_object->size)
 		prev_object->size = next_pindex + next_size;
 
+#ifdef INVARIANTS
+	/*
+	 * Re-check: there must be no pages in the next range backed
+	 * by prev_entry's object.  Otherwise, the resulting
+	 * corruption is same as faulting in a non-zeroed page.
+	 */
+	if (vm_check_pg_zero) {
+		vm_pindex_t pidx;
+
+		pidx = swap_pager_seek_data(prev_object, next_pindex);
+		KASSERT(pidx >= next_pindex + next_size,
+		    ("found obj %p pindex %#jx e %#jx %#jx %#jx",
+		    prev_object, pidx, (uintmax_t)prev_offset,
+		    (uintmax_t)prev_size, (uintmax_t)next_size));
+	}
+#endif
+
 	VM_OBJECT_WUNLOCK(prev_object);
 	return (TRUE);
 }