git: 62ff0566c930 - main - LinuxKPI: Allow cdev_pager prefault handler to steal pages

Wed Sep 29 20:27:39 UTC 2021

The branch main has been updated by wulf:

URL: https://cgit.FreeBSD.org/src/commit/?id=62ff0566c93056e00b3c9c3f8d2ac1e7d8e0c098

commit 62ff0566c93056e00b3c9c3f8d2ac1e7d8e0c098
Author:     Vladimir Kondratyev <wulf at FreeBSD.org>
AuthorDate: 2021-09-29 20:14:05 +0000
Commit:     Vladimir Kondratyev <wulf at FreeBSD.org>
CommitDate: 2021-09-29 20:14:05 +0000

    LinuxKPI: Allow cdev_pager prefault handler to steal pages
    
    from other vm_objects. This workarounds "Page already inserted" panic
    in vm_page_insert routine triggered on attempt to mmap file created
    with shmem_file_setup call. After introduction of "GTT mmap
    interface v4" a.k.a. MMAP_OFFSET, vm_objects allocated by these calls
    may try to own intersected sets of pages that leads to the assertion.
    
    Reviewed by:    kib
    MFC after:      2 weeks
    Differential revision:  https://reviews.freebsd.org/D32090
---
 sys/compat/linuxkpi/common/src/linux_page.c | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/sys/compat/linuxkpi/common/src/linux_page.c b/sys/compat/linuxkpi/common/src/linux_page.c
index cbe6d2530b91..c7191fef3429 100644
--- a/sys/compat/linuxkpi/common/src/linux_page.c
+++ b/sys/compat/linuxkpi/common/src/linux_page.c
@@ -281,6 +281,7 @@ lkpi_vmf_insert_pfn_prot_locked(struct vm_area_struct *vma, unsigned long addr,
     unsigned long pfn, pgprot_t prot)
 {
 	vm_object_t vm_obj = vma->vm_obj;
+	vm_object_t tmp_obj;
 	vm_page_t page;
 	vm_pindex_t pindex;
 
@@ -296,6 +297,32 @@ retry:
 		page = PHYS_TO_VM_PAGE(IDX_TO_OFF(pfn));
 		if (!vm_page_busy_acquire(page, VM_ALLOC_WAITFAIL))
 			goto retry;
+		if (page->object != NULL) {
+			tmp_obj = page->object;
+			vm_page_xunbusy(page);
+			VM_OBJECT_WUNLOCK(vm_obj);
+			VM_OBJECT_WLOCK(tmp_obj);
+			if (page->object == tmp_obj &&
+			    vm_page_busy_acquire(page, VM_ALLOC_WAITFAIL)) {
+				KASSERT(page->object == tmp_obj,
+				    ("page has changed identity"));
+				KASSERT((page->oflags & VPO_UNMANAGED) == 0,
+				    ("page does not belong to shmem"));
+				vm_pager_page_unswapped(page);
+				if (pmap_page_is_mapped(page)) {
+					vm_page_xunbusy(page);
+					VM_OBJECT_WUNLOCK(tmp_obj);
+					printf("%s: page rename failed: page "
+					    "is mapped\n", __func__);
+					VM_OBJECT_WLOCK(vm_obj);
+					return (VM_FAULT_NOPAGE);
+				}
+				vm_page_remove(page);
+			}
+			VM_OBJECT_WUNLOCK(tmp_obj);
+			VM_OBJECT_WLOCK(vm_obj);
+			goto retry;
+		}
 		if (vm_page_insert(page, vm_obj, pindex)) {
 			vm_page_xunbusy(page);
 			return (VM_FAULT_OOM);
