git: bb150039c0ce - releng/15.0 - vm_fault: only rely on PG_ZERO when the page was newly allocated

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Tue, 27 Jan 2026 19:15:48 UTC
The branch releng/15.0 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=bb150039c0ce2de8704d67b104beb306482c3cb2

commit bb150039c0ce2de8704d67b104beb306482c3cb2
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2025-11-28 15:57:22 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2026-01-26 16:48:40 +0000

    vm_fault: only rely on PG_ZERO when the page was newly allocated
    
    Approved by:    so
    Security:       FreeBSD-EN-26:03.vm
    
    (cherry picked from commit cff67bc43df14d492ccc08ec92fddceadd069953)
    (cherry picked from commit 3c0942f99209cb95be64c95322b5f99b575db6b3)
---
 sys/vm/vm_fault.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c
index 22558a12b44b..f9711548e23e 100644
--- a/sys/vm/vm_fault.c
+++ b/sys/vm/vm_fault.c
@@ -138,6 +138,7 @@ struct faultstate {
 	vm_object_t	object;
 	vm_pindex_t	pindex;
 	vm_page_t	m;
+	bool		m_needs_zeroing;
 
 	/* Top-level map object. */
 	vm_object_t	first_object;
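Review bot: The new `m_needs_zeroing` member of `struct faultstate` has no comment, although the other hunks depend on a specific convention for it. I would add something like `/* False only if m was just allocated with PG_ZERO set; otherwise zero before use. */` next to the field, and extend the "Zero the page if necessary" comment in vm_fault_zerofill to say that PG_ZERO is deliberately no longer read there. Defaulting to true is the safe direction, since a wrong `false` would hand out a page with stale contents, and that is worth stating for future editors. The struct continues outside the hunk.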
@@ -264,6 +265,7 @@ static void
 vm_fault_deallocate(struct faultstate *fs)
 {
 
+	fs->m_needs_zeroing = true;
 	vm_fault_page_release(&fs->m_cow);
 	vm_fault_page_release(&fs->m);
 	vm_object_pip_wakeup(fs->object);
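Review bot: Resetting `fs->m_needs_zeroing` inside vm_fault_deallocate ties the flag's correctness to every restart and page-release path going through this function, which cannot be confirmed from this hunk. If any path releases or replaces `fs->m` without calling it, a `false` recorded for an earlier page could survive, and vm_fault_zerofill would then skip `pmap_zero_page()` for a page whose contents are not known to be zero. It would help to check the other callers of `vm_fault_page_release(&fs->m)` and to add a comment here such as `/* Page is being dropped; any PG_ZERO observation no longer applies. */`. The function body continues outside the hunk.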
@@ -1181,7 +1183,7 @@ vm_fault_zerofill(struct faultstate *fs)
 	/*
 	 * Zero the page if necessary and mark it valid.
 	 */
-	if ((fs->m->flags & PG_ZERO) == 0) {
+	if (fs->m_needs_zeroing) {
 		pmap_zero_page(fs->m);
 	} else {
 		VM_CNT_INC(v_ozfod);
@@ -1296,6 +1298,7 @@ vm_fault_allocate(struct faultstate *fs, struct pctrie_iter *pages)
 			vm_waitpfault(dset, vm_pfault_oom_wait * hz);
 		return (FAULT_RESTART);
 	}
+	fs->m_needs_zeroing = (fs->m->flags & PG_ZERO) == 0;
 	fs->oom_started = false;
 
 	return (FAULT_CONTINUE);
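Review bot: The assignment `fs->m_needs_zeroing = (fs->m->flags & PG_ZERO) == 0;` records the state of whichever page `fs->m` is at this allocation, while vm_fault_zerofill consults the flag for `fs->m` at zero-fill time, and nothing visible here guarantees those are the same page. If the fault handler can allocate in one object and later zero-fill a different page (the struct also carries `first_object`), the flag would describe the wrong page; please confirm, and if so restrict the update to the matching case. A cheap guard under INVARIANTS would be `KASSERT((fs->m->flags & PG_ZERO) != 0, ("page not zeroed"));` in the else branch of vm_fault_zerofill, assuming PG_ZERO is not cleared between allocation and use. vm_fault_allocate starts outside the hunk.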
@@ -1586,6 +1589,7 @@ vm_fault(vm_map_t map, vm_offset_t vaddr, vm_prot_t fault_type,
 	fs.fault_flags = fault_flags;
 	fs.map = map;
 	fs.lookup_still_valid = false;
+	fs.m_needs_zeroing = true;
 	fs.oom_started = false;
 	fs.nera = -1;
 	fs.can_read_lock = true;