From nobody Tue Aug 09 19:56:51 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4M2P3R4dMwz3j7RQ; Tue, 9 Aug 2022 19:56:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4M2P3R45dLz3gTC; Tue, 9 Aug 2022 19:56:51 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1660075011; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wrsU3DIQyL0qYcAaQrJnLocDUKM32ewPbdsjjlP1ZIc=; b=QcOYkA24J1sl/tGW+83tkphPaDiPlbxvBQukqXDBVoHMC3VGrnjquocXHb/RPdabeGqrmF RFWFe6Bdp3hlpOeAm0whi/x+PXbOMOx/a4eCE4j9ru9Qrg10ORg75RkGDyp0xWKEZXmF49 w8zAubwcB3aPIKqx3PH98Q9A7NOXAu4Vn0bDjLFOdx3t7768seKdj1ehtcGbV5LhIJMArF WSczEVkXtUuVf7gZBldELmmvGpDBLctpUmTb9rpnhhW82qPhW148L086tn4cVEl/uiv7Xe SNS7gcM7bjedDURnWDu8FAOjRbqMLL+ssXhMvQKP2xanNpjzFGdictN6raaqnA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4M2P3R2ztGzkfk; Tue, 9 Aug 2022 19:56:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 279JupTc021106; Tue, 9 Aug 2022 19:56:51 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 279JupJY021105; Tue, 9 Aug 2022 19:56:51 GMT (envelope-from git) Date: Tue, 9 Aug 2022 19:56:51 GMT Message-Id: <202208091956.279JupJY021105@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 9a2a2871c490 - stable/12 - vm_fault: Shoot down shared mappings in vm_fault_copy_entry() List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: 9a2a2871c4908cfe7012236912918622e0ed0b32 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1660075011; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wrsU3DIQyL0qYcAaQrJnLocDUKM32ewPbdsjjlP1ZIc=; b=HoWIvSFIk3RyvgqYWMbHE+BmdW+CEBCMVnien0hK07XgalWOwyLKOWuMZvNbR21LPRRbmv xA42dTnIFQKQejoSDzxd30Jzir8YF80erYlhrPa0cGuDpe81U2fS+Risd+zGfQF9OJ9Oj1 pCKqvqRm5Cqxx/EKTOaliY7Bx8h1pgcWerM1f3+9Z8xx0Eo3qgLK0zWKoQwbHMHhiF0uXU XxAOwYeirGyKjnNb5xMR73gHP6/2jrgjn4Bgd2xztmLtexfy3xXe9Ck7f4czKVJmswQ01B ultILuvG2DK1jz9iDw56rOod6gzemzrpQe8rp3wa1WBwgYaIK2MgUUv4Go3xUw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1660075011; a=rsa-sha256; cv=none; b=c2QNaKzF96D6YLZaPG2pLlUIj5Mr/MJuZkOYQVI3rsoIfe59wes9HD5yAfzcWyykzaV2XJ /AzvFDL1J/sPhEVSewq8UEsgIDggVtwxC+BNeFOOmxk8vFgCijk6YV38xO/YiAsiSxUfgY wJ6cyCtmPcXBUDu5IMfhAyWNh8kD+tFjQAPRmv0wc1qAJ87Ao5BpRfkw54W9Tw/42DhbCK jBoBed7xFNYrlzuVErZ3b4Ee8k0ivnNqQEtzepFjTpmb28aFPy4vbyqqAGkz79KQ50IPLX jmyaomJOQlNS1axS8/KR0RXUBfyTMcH9P330/aUB4MKm/yme9qwv3BgzNwt3qA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/12 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=9a2a2871c4908cfe7012236912918622e0ed0b32 commit 9a2a2871c4908cfe7012236912918622e0ed0b32 Author: Mark Johnston AuthorDate: 2022-07-25 20:53:21 +0000 Commit: Mark Johnston CommitDate: 2022-08-09 19:46:38 +0000 vm_fault: Shoot down shared mappings in vm_fault_copy_entry() As in vm_fault_cow(), it's possible, albeit rare, for multiple vm_maps to share a shadow object. When copying a page from a backing object into the shadow, all mappings of the source page must therefore be removed. Otherwise, future operations on the object tree may detect that the source page is fully shadowed and thus can be freed. Approved by: so Security: FreeBSD-SA-22:11.vm Reviewed by: alc, kib Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D35635 (cherry picked from commit 5c50e900ad779fccbf0a230bfb6a68a3e93ccf60) --- sys/vm/vm_fault.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c index 7829b3691d83..efbe0b23f259 100644 --- a/sys/vm/vm_fault.c +++ b/sys/vm/vm_fault.c @@ -1884,6 +1884,13 @@ again: VM_OBJECT_WLOCK(dst_object); goto again; } + + /* + * See the comment in vm_fault_cow(). + */ + if (src_object == dst_object && + (object->flags & OBJ_ONEMAPPING) == 0) + pmap_remove_all(src_m); pmap_copy_page(src_m, dst_m); VM_OBJECT_RUNLOCK(object); dst_m->dirty = dst_m->valid = src_m->valid;