From nobody Tue Dec 28 00:43:58 2021 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 0684E1919505; Tue, 28 Dec 2021 00:43:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JNG4Z4zd5z3KHg; Tue, 28 Dec 2021 00:43:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8C8C127E31; Tue, 28 Dec 2021 00:43:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1BS0hw7N077982; Tue, 28 Dec 2021 00:43:58 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1BS0hw16077981; Tue, 28 Dec 2021 00:43:58 GMT (envelope-from git) Date: Tue, 28 Dec 2021 00:43:58 GMT Message-Id: <202112280043.1BS0hw16077981@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 0fc6eebbf763 - stable/13 - vm_fault: Fix vm_fault_populate()'s handling of VM_FAULT_WIRE List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 0fc6eebbf76334602c418d3e7bd780dd28b11507 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1640652238; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=HA/gx6PozddL6zuTZ9WGXmlKSJqXiwkWH82oWgfgRnc=; b=a4e/uQpfg2U3Jw49ln93PcmucORs4hySOnLQqpX4FyaLnCzL9DCni56pcPNlrD6LeBtfg3 dKmUhDBXIuNJv5paZ0KIbvLhueafJD3c6ELeODzhvuGHw7Nbb8KNjmyZVjY1X8PKlTLgpL 2cT3CpUFB4xfB3hSBiS2ShntstMH8tR9ifG1DHTH6zqa5+L8IGUDJXU+APtz1GfGka4pK0 r9kUQqmToZXnxPBV2VahDe6nxNDs9kWBNHtYZ5JFPoniIsbYce23OzfuSAbwpDqfZ6VARv bywcfCsOxuLlD8m7j0QEJVzX7iCnJtt+9IAqC9nkkpEAuTgeTk80LqkXc12Hew== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1640652238; a=rsa-sha256; cv=none; b=d8snLCZ0R9FkRHAv/Ga3DfvsfH9LOVUyePm2LH+6W9NAYq1JQED577Bfm+apJiOwp0vVkm HANxZNW8LWGzjsx53ZZg4HJJSVBq1+8PpJMGqCCTIIJ+ReKycHbimkStQEzkmL4eXfJx+V RwxUutt8T+SwEZwYAvE7ErIfXyGLMNORKbUAugyUShb/PSMrTUISHHIZe7oxG4mrpCUW4u 4AkcsLGqXS+mAMZ6uO2P94sa5goAl8yZ7L4xi2nur4oBGPtMRT7dhkHrhXMbAdr+1KmPWF 5+pNvx5XsBoMbASglum9S8I3KtYI161ppRMXsbJkKuuLwH/2fJlF0GPAAyEYew== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=0fc6eebbf76334602c418d3e7bd780dd28b11507 commit 0fc6eebbf76334602c418d3e7bd780dd28b11507 Author: Mark Johnston AuthorDate: 2021-12-14 20:10:46 +0000 Commit: Mark Johnston CommitDate: 2021-12-28 00:36:07 +0000 vm_fault: Fix vm_fault_populate()'s handling of VM_FAULT_WIRE vm_map_wire() works by calling vm_fault(VM_FAULT_WIRE) on each page in the rage. (For largepage mappings, it calls vm_fault() once per large page.) A pager's populate method may return more than one page to be mapped. If VM_FAULT_WIRE is also specified, we'd wire each page in the run, not just the fault page. Consider an object with two pages mapped in a vm_map_entry, and suppose vm_map_wire() is called on the entry. Then, the first vm_fault() would allocate and wire both pages, and the second would encounter a valid page upon lookup and wire it again in the regular fault handler. So the second page is wired twice and will be leaked when the object is destroyed. Fix the problem by modify vm_fault_populate() to wire only the fault page. Also modify the error handler for pmap_enter(psind=1) to not test fs->wired, since it must be false. PR: 260347 Reviewed by: alc, kib Sponsored by: The FreeBSD Foundation (cherry picked from commit 88642d978a999aaa3752e86d2f54b1a6aba7fc85) --- sys/vm/vm_fault.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c index 6445f7af59a1..41346f8635ea 100644 --- a/sys/vm/vm_fault.c +++ b/sys/vm/vm_fault.c @@ -597,21 +597,23 @@ vm_fault_populate(struct faultstate *fs) (psind > 0 && rv == KERN_PROTECTION_FAILURE)); if (__predict_false(psind > 0 && rv == KERN_PROTECTION_FAILURE)) { + MPASS(!fs->wired); for (i = 0; i < npages; i++) { rv = pmap_enter(fs->map->pmap, vaddr + ptoa(i), - &m[i], fs->prot, fs->fault_type | - (fs->wired ? PMAP_ENTER_WIRED : 0), 0); + &m[i], fs->prot, fs->fault_type, 0); MPASS(rv == KERN_SUCCESS); } } VM_OBJECT_WLOCK(fs->first_object); for (i = 0; i < npages; i++) { - if ((fs->fault_flags & VM_FAULT_WIRE) != 0) + if ((fs->fault_flags & VM_FAULT_WIRE) != 0 && + m[i].pindex == fs->first_pindex) vm_page_wire(&m[i]); else vm_page_activate(&m[i]); - if (fs->m_hold != NULL && m[i].pindex == fs->first_pindex) { + if (fs->m_hold != NULL && + m[i].pindex == fs->first_pindex) { (*fs->m_hold) = &m[i]; vm_page_wire(&m[i]); }