git: 92a9501b6be3 - stable/14 - vm_object: do not assume that un_pager.devp.dev is cdev

From: Konstantin Belousov <kib_at_FreeBSD.org>
Date: Tue, 12 Nov 2024 23:19:48 UTC
The branch stable/14 has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=92a9501b6be3d37a4eefcfbdda799b656ae146e8

commit 92a9501b6be3d37a4eefcfbdda799b656ae146e8
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2024-11-04 21:54:30 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2024-11-12 23:19:18 +0000

    vm_object: do not assume that un_pager.devp.dev is cdev
    
    PR:     282533
    
    (cherry picked from commit 580340dbdaaf372867e9ed3dd257430982753e5e)
---
 sys/kern/kern_proc.c | 5 +++--
 sys/vm/vm_mmap.c     | 3 +++
 sys/vm/vm_object.c   | 3 ++-
 sys/vm/vm_object.h   | 1 +
 4 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c
index 18302bb8abae..b7fa7bfb60e9 100644
--- a/sys/kern/kern_proc.c
+++ b/sys/kern/kern_proc.c
@@ -2718,8 +2718,9 @@ kern_proc_vmmap_out(struct proc *p, struct sbuf *sb, ssize_t maxlen, int flags)
 
 			kve->kve_ref_count = obj->ref_count;
 			kve->kve_shadow_count = obj->shadow_count;
-			if (obj->type == OBJT_DEVICE ||
-			    obj->type == OBJT_MGTDEVICE) {
+			if ((obj->type == OBJT_DEVICE ||
+			    obj->type == OBJT_MGTDEVICE) &&
+			    (obj->flags & OBJ_CDEVH) != 0) {
 				cdev = obj->un_pager.devp.handle;
 				if (cdev != NULL) {
 					csw = dev_refthread(cdev, &ref);
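Review bot: The assignment `cdev = obj->un_pager.devp.handle` is now type-safe only because of the added `OBJ_CDEVH` test, and nothing at the site records that dependency. I would put a comment above the condition, e.g. `/* devp.handle is an opaque pager handle; it is a struct cdev * only when OBJ_CDEVH is set. */`, so that a later edit does not widen the condition and pass a driver-private pointer to dev_refthread(). The same comment belongs on the identical check in vm_object_list_handler() in sys/vm/vm_object.c. The body of kern_proc_vmmap_out() continues outside the hunk, so the lock held around the `obj->flags` read cannot be confirmed from here.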
diff --git a/sys/vm/vm_mmap.c b/sys/vm/vm_mmap.c
index 6b0a70d523d5..21ec52b8124f 100644
--- a/sys/vm/vm_mmap.c
+++ b/sys/vm/vm_mmap.c
@@ -1435,6 +1435,9 @@ vm_mmap_cdev(struct thread *td, vm_size_t objsize, vm_prot_t prot,
 	    td->td_ucred);
 	if (obj == NULL)
 		return (EINVAL);
+	VM_OBJECT_WLOCK(obj);
+	vm_object_set_flag(obj, OBJ_CDEVH);
+	VM_OBJECT_WUNLOCK(obj);
 	*objp = obj;
 	*flagsp = flags;
 	return (0);
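Review bot: `OBJ_CDEVH` is set in a separate lock section after the allocation has already returned, so the object can presumably be observed for a short time without the flag. The two readers changed in this commit treat a missing flag as "no device name", which fails safe, but that reasoning should be written down here, e.g. `/* Mark the handle as a struct cdev * for the vmmap/vm.objects exporters; a missing flag means "unknown", never "safe to cast". */`. Because this flag is what licenses the later cast, any future setter has to guarantee the handle really is a cdev. The allocation call starts above the hunk, so the handle argument passed to it is not visible here.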
diff --git a/sys/vm/vm_object.c b/sys/vm/vm_object.c
index 5933b2c1d4bd..84e56b910809 100644
--- a/sys/vm/vm_object.c
+++ b/sys/vm/vm_object.c
@@ -2610,7 +2610,8 @@ vm_object_list_handler(struct sysctl_req *req, bool swap_only)
 			sp = swap_pager_swapped_pages(obj);
 			kvo->kvo_swapped = sp > UINT32_MAX ? UINT32_MAX : sp;
 		}
-		if (obj->type == OBJT_DEVICE || obj->type == OBJT_MGTDEVICE) {
+		if ((obj->type == OBJT_DEVICE || obj->type == OBJT_MGTDEVICE) &&
+		    (obj->flags & OBJ_CDEVH) != 0) {
 			cdev = obj->un_pager.devp.handle;
 			if (cdev != NULL) {
 				csw = dev_refthread(cdev, &ref);
diff --git a/sys/vm/vm_object.h b/sys/vm/vm_object.h
index 16ee3544b658..bd71820bed3c 100644
--- a/sys/vm/vm_object.h
+++ b/sys/vm/vm_object.h
@@ -206,6 +206,7 @@ struct vm_object {
 #define	OBJ_PAGERPRIV2	0x00008000	/* Pager private */
 #define	OBJ_SYSVSHM	0x00010000	/* SysV SHM */
 #define	OBJ_POSIXSHM	0x00020000	/* Posix SHM */
+#define	OBJ_CDEVH	0x00040000	/* OBJT_DEVICE handle is cdev */
 
 /*
  * Helpers to perform conversion between vm_object page indexes and offsets.
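Review bot: The comment on `OBJ_CDEVH` names only OBJT_DEVICE, while both readers in this commit test the flag for OBJT_MGTDEVICE objects as well. Describing the field rather than the object type removes the mismatch: `#define	OBJ_CDEVH	0x00040000	/* un_pager.devp.handle is a struct cdev * */`. It would also help to say next to the definition that the flag is an opt-in set by the object's creator and that no code may cast the handle to a cdev without it.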