vm_map_protect / pmap_protect Can't lower protection

Andrew Brampton brampton+freebsd-hackers at gmail.com
Mon Jul 20 15:14:07 UTC 2009

I've been playing with memguard(9) and so far it works well until it
starts to run out of memory. For those who don't know, memguard is a
replacement debugging malloc for the kernel, which is designed to
catch use after free errors. It achieves this by setting any free'd
pages to read-only, therefore any writes to the page should generate a
page fault, and a backtrace allowing you to figure out where your code
is using freed memory. To stop memguard using all your system's RAM
and setting every page to read-only, it begins to recycle previously
freed pages. To do this it must first make the page read-write, and
then return it from malloc.

The problem I am facing is when memguard, unguards a page (ie changes
the page to read-write) it does not actually do this, and the page
remains read-only. I have tracked the problem down but I don't know
how to fix it.

memguard_guard calls vm_map_protect with a read-only flag.
vm_map_protect updates the vm_map_entry, and then calls pmap_protect
to set the actual pte.
pmap_protect successfully sets the pte to read-only and everything
works as it should.

However, memguard_unguard doesn't work correctly. It first calls
vm_map_protect with a read-write flag.
vm_map_protect correctly updates the vm_map_entry, and then calls
pmap_protect to set the actual pte.
pmap_protect is lazy and notices that we are reducing the protection
on the page and therefore does nothing. It assumes that later that a
page fault will occur, call vm_fault, and then fix up the pte then.

The problem I seem to be having is that vm_fault is not called,
because when the page fault occurs, calltrap then trap gets called,
but it falls into trap_fatal because a non-sleepable lock is held.

So my question is, can I call a function which sets the pte in a
non-lazy way? I considered rewriting pmap_protect to do this, but I
thought it be best to do it another way. Another idea I had was to
call vm_fault myself straight after vm_map_protect, but I was unsure
if that was allowed. Also, some googling found the function
pmap_page_protect claims to do what I want, but has long been missing
from FreeBSD.

In case it matters, I'm using FreeBSD 7.2, on a amd64 machine. I've
looked at HEAD and the relevant code looks the same, so I suspect I
will still have problems with that.

thanks for any help

More information about the freebsd-hackers mailing list