Merge branch 'master' into signal-dev

[lunaix-os.git] / lunaix-os / kernel / mm / pmm.c

diff --git a/lunaix-os/kernel/mm/pmm.c b/lunaix-os/kernel/mm/pmm.c
index efb9dc8d36c67f169bec85ff80ff4b5ac1e035f2..ad80dbf95394c0aafcc4b8fa56c045d87839434d 100644 (file)
--- a/lunaix-os/kernel/mm/pmm.c
+++ b/lunaix-os/kernel/mm/pmm.c
@@ -97,7 +97,6 @@ pmm_alloc_page(pid_t owner, pp_attr_t attr)
     while (!good_page_found && pg_lookup_ptr < upper_lim) {
         pm = &pm_table[pg_lookup_ptr];
 
-        // skip the fully occupied chunk, reduce # of iterations
         if (!pm->ref_counts) {
             *pm = (struct pp_struct) {
                 .attr = attr,
@@ -105,6 +104,7 @@ pmm_alloc_page(pid_t owner, pp_attr_t attr)
                 .ref_counts = 1
             };
             good_page_found = pg_lookup_ptr << 12;
+            break;
         } else {
             pg_lookup_ptr++;
 
@@ -129,17 +129,14 @@ pmm_free_page(pid_t owner, void* page)
 {
     struct pp_struct* pm = &pm_table[(intptr_t)page >> 12];
     
-    // Oops, double free!
-    if (!(pm->ref_counts)) {
+    // Is this a MMIO mapping or double free?
+    if (((intptr_t)page >> 12) >= max_pg || !(pm->ref_counts)) {
         return 0;
     }
 
-    // 检查权限，保证：1) 用户只能释放用户页； 2) 内核可释放所有页。
-    if ((pm->owner & owner) == pm->owner) {
-        pm->ref_counts--;
-        return 1;
-    }
-    return 0;
+    // TODO: 检查权限，保证：1) 只有正在使用该页（包括被分享者）的进程可以释放； 2) 内核可释放所有页。
+    pm->ref_counts--;
+    return 1;
 }
 
 int pmm_ref_page(pid_t owner, void* page) {
@@ -152,7 +149,7 @@ int pmm_ref_page(pid_t owner, void* page) {
     }
 
     struct pp_struct* pm = &pm_table[ppn];
-    if (!pm->ref_counts) {
+    if (ppn >= max_pg || !pm->ref_counts) {
         return 0;
     }