From nobody Tue Aug 09 19:56:32 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4M2P3466hVz3j77F; Tue, 9 Aug 2022 19:56:32 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4M2P344fJtz3fNf; Tue, 9 Aug 2022 19:56:32 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1660074992; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=GhuW4neIbFwanH9+JoprlhSmxBX1JwHRK5856QIravA=; b=U9px1lZy+okXeifRO/gzablAa3MPG7giXVSxktrCdgGlOhCrfpLnaHbXU8wPr992ntEd6K CWBeT/NIkSMVrJLimLn1na6kjfZpGncoBzNudT96gPjSg95MG7MC8q0OtWwVNhiTNDOOZq vefUtLTq2WDQSGYBJmwuOWm/RQH2cmbbezlShA7gGd+1YRCD6jp1UcpfMgNgSxOaVKaxqG cNnvh6sKWRsUo7cHTxaO1NANzQrgHfTPTMtZmgVKfIPUVPsWBkxKKJuyBk0x8ivmnC3H8r CiozaffW3a9ZlEj5i/PMdEdEYYllMfgJbJQYQnDxut5Dv2QVK9As7MN32AZ3dg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4M2P343j6szkFZ; Tue, 9 Aug 2022 19:56:32 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 279JuW2s020794; Tue, 9 Aug 2022 19:56:32 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 279JuWWn020793; Tue, 9 Aug 2022 19:56:32 GMT (envelope-from git) Date: Tue, 9 Aug 2022 19:56:32 GMT Message-Id: <202208091956.279JuWWn020793@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mark Johnston Subject: git: 5c50e900ad77 - main - vm_fault: Shoot down shared mappings in vm_fault_copy_entry() List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 5c50e900ad779fccbf0a230bfb6a68a3e93ccf60 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1660074992; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=GhuW4neIbFwanH9+JoprlhSmxBX1JwHRK5856QIravA=; b=qCk2JzSzldho8otW6sojeaXUc0fhw5FNUwYxVWjsSgfOET+G1hupENjSvg2pqphY3xBjlr P9d1jpZKukViZQ63ruZN+e1xOqxye8orE8MlkmWFHruMUQNLp9R3CcG/Wbr63tLEdcZflf SPfS2GarchH2t5ffjTmke4O9LFTEk7O6zgpDUY2A0WflnBrej1UKlhyFuqmK/cB83/fJSh NPFPmpRn0cHrmqnWLSgHhrCiDkkCxeBkbcIWJD9ZBBn4lCDKm9up+cTakINb2zqS2sO0hV eoz3V54+Bj5T6ChOgWRL0FdNfc2YMehbk1TjBC5EAWeCP2uvv2dbncNJdlRpkg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1660074992; a=rsa-sha256; cv=none; b=hSAVM4RV0srW6+KeW+e4sq1FKLwXE5xyzYKtBqb5vR3M+noeJXcD4Gs0/bH2EnzBcKKgLu pX302LNyHRDfJzhy2dIpBWBXcwR57HHSktTjMrMhNYimpWSSZedJKFVmMr/kkegSUUUztw ay9L8nSG0iX16pEA0KXYdKUV5gV8o6+ELMD3AuA6LJ1A28KLfmcSZ4r796oVR/AKrZNS6r CbhVNs7mSxqeGX5tucRFIgzUXI4bNoMEFsEsh0mUp94S4eWJAwi5c8QeRcSSztKBx5Npr5 Chiq0/j5FMEbuBmXQBQuyE2b/zQot7zRKQCQbc6g88SkZpUBOUmWYtJPaoieKA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=5c50e900ad779fccbf0a230bfb6a68a3e93ccf60 commit 5c50e900ad779fccbf0a230bfb6a68a3e93ccf60 Author: Mark Johnston AuthorDate: 2022-07-25 20:53:21 +0000 Commit: Mark Johnston CommitDate: 2022-08-09 19:44:45 +0000 vm_fault: Shoot down shared mappings in vm_fault_copy_entry() As in vm_fault_cow(), it's possible, albeit rare, for multiple vm_maps to share a shadow object. When copying a page from a backing object into the shadow, all mappings of the source page must therefore be removed. Otherwise, future operations on the object tree may detect that the source page is fully shadowed and thus can be freed. Approved by: so Security: FreeBSD-SA-22:11.vm Reviewed by: alc, kib Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D35635 --- sys/vm/vm_fault.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c index 0433b6dd3d7e..8f30c5b93828 100644 --- a/sys/vm/vm_fault.c +++ b/sys/vm/vm_fault.c @@ -2107,6 +2107,13 @@ again: VM_OBJECT_WLOCK(dst_object); goto again; } + + /* + * See the comment in vm_fault_cow(). + */ + if (src_object == dst_object && + (object->flags & OBJ_ONEMAPPING) == 0) + pmap_remove_all(src_m); pmap_copy_page(src_m, dst_m); /*