From nobody Tue Aug 09 20:00:29 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4M2P7d4qlrz3j8Mc; Tue, 9 Aug 2022 20:00:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4M2P7d43hPz3jsD; Tue, 9 Aug 2022 20:00:29 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1660075229; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=UTT3aLo/1uXcJ3NjsYNFmtdF4xQGg01Nq+qgGR+iKHs=; b=F9wQvYXyDCm56MyHpHXJN+Em+tyIZadx5LPqy6ZWMVogM20Ad8X8JjBNKisAlY78f3/fLf 6WUC84E3G6jw17rSzsH04MOoff8/oXLSG5+/OMq+CZwqkZ+4vq9EJpQB8ITFp7hU944QZL qVPJJtImmbfRkZBGCa8fmycsjEcuyeqr3TkVUiE7wPrmPZY0Upq9QDlOGWzGRM4GIeaMk0 iMefkF3B4iyq3mXmZmPQmeLqcOuHQXMzZfa7SMT7poJlzr4cyQjG/FLKKB94q0V5QVZ76E gAkhuA8FqZRsyPeARtRG9RdcG4/qBYfNZXUHu9PpPNVD3h5XL+6nfIOjT7XWYA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4M2P7d2YRrzkCv; Tue, 9 Aug 2022 20:00:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 279K0TKo031015; Tue, 9 Aug 2022 20:00:29 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 279K0TKH031014; Tue, 9 Aug 2022 20:00:29 GMT (envelope-from git) Date: Tue, 9 Aug 2022 20:00:29 GMT Message-Id: <202208092000.279K0TKH031014@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: dd349089ff92 - releng/13.0 - vm_fault: Shoot down shared mappings in vm_fault_copy_entry() List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.0 X-Git-Reftype: branch X-Git-Commit: dd349089ff92643f084fdef2cd8bb07659c82aaf Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1660075229; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=UTT3aLo/1uXcJ3NjsYNFmtdF4xQGg01Nq+qgGR+iKHs=; b=gNdzc7Q3eU0AIgS24WW2e99BxNUH1nMzsG4TmW2DH9nd3fqGy0JU/KzhTKjWEKvj5Xh59L yAXmx/fvyQAWXYLZ6lyRnTVdIWT4/Byz6ebR0MqFaKhv5niKNmS13q/mckwXCxvpX+BQ+r K60/9kfN/uD+zr9jBuc6oZMOtTeFea28vuogQubCc9RHwJGyf+uX3odKYQasrIRX1fiOrg mGDgfKm4pw75MgDqKNbOzWcPVRp4RTq2g3eN2sZjwAoyywmJHWFbFtWKEvNdZBhpjr2ok2 RABdDxdUT/oqaF2UH/2eI43DeD+3yvXbjGA8zvBRmhlm9tvhPxQUPp1yBHLuKA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1660075229; a=rsa-sha256; cv=none; b=B+sR3FYq2qeHjPH7E9tnN1NC3mhRtglrv2Z98cDQbRzsDklOjtTP7G3HDlnWRKK5vSgTj7 CxMMjahkvVVatj1TjB1VxUJygl4e17YWJObyqRPs5fz8caR22JuGC3Qn16Ar2Lf8HO8h2J 3KM2lj/gBmw0o7Li26dccUnP8mPHThFAwbuq/UK2Sc1HYEQbo06UpWd++4q8jvAp5UO0iT ezN2dA+BejN74jHKgsaw/jkNJ9mUd5E1qHvvClj0Gfw47xFUtPA100rG1QZ9THLZh0CNYm h/7+lrHfS6RBl/WVNh1WuD7LGZdLwjTdx++S77OWoC3hd7jQJXvE4qEVlSjUnw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch releng/13.0 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=dd349089ff92643f084fdef2cd8bb07659c82aaf commit dd349089ff92643f084fdef2cd8bb07659c82aaf Author: Mark Johnston AuthorDate: 2022-07-25 20:53:21 +0000 Commit: Mark Johnston CommitDate: 2022-08-09 19:59:49 +0000 vm_fault: Shoot down shared mappings in vm_fault_copy_entry() As in vm_fault_cow(), it's possible, albeit rare, for multiple vm_maps to share a shadow object. When copying a page from a backing object into the shadow, all mappings of the source page must therefore be removed. Otherwise, future operations on the object tree may detect that the source page is fully shadowed and thus can be freed. Approved by: so Security: FreeBSD-SA-22:11.vm Reviewed by: alc, kib Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D35635 (cherry picked from commit 5c50e900ad779fccbf0a230bfb6a68a3e93ccf60) (cherry picked from commit 3ea8c7ad90f75129c52a2b64213c5578af23dc8d) --- sys/vm/vm_fault.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c index 8b212f3f84e5..da15ed5f4254 100644 --- a/sys/vm/vm_fault.c +++ b/sys/vm/vm_fault.c @@ -2018,6 +2018,13 @@ again: VM_OBJECT_WLOCK(dst_object); goto again; } + + /* + * See the comment in vm_fault_cow(). + */ + if (src_object == dst_object && + (object->flags & OBJ_ONEMAPPING) == 0) + pmap_remove_all(src_m); pmap_copy_page(src_m, dst_m); VM_OBJECT_RUNLOCK(object); dst_m->dirty = dst_m->valid = src_m->valid;