From owner-freebsd-hackers@FreeBSD.ORG Thu Mar 22 12:23:56 2012 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 04146106564A for ; Thu, 22 Mar 2012 12:23:56 +0000 (UTC) (envelope-from eric.saintetienne@gmail.com) Received: from mail-yw0-f54.google.com (mail-yw0-f54.google.com [209.85.213.54]) by mx1.freebsd.org (Postfix) with ESMTP id B40C28FC12 for ; Thu, 22 Mar 2012 12:23:55 +0000 (UTC) Received: by yhgm50 with SMTP id m50so1998096yhg.13 for ; Thu, 22 Mar 2012 05:23:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=9ky3pD+y3/8/qOLlf0ofCCDEV5Xc+p5zYoH9R0LlaY4=; b=mUOyemIyJpHjqq+UPhk+/i1RQwNiAXRZlS2GI8H/4U0bH7fdz5FPV4Qmvxsl4rqSYn wdqn9LXlJKvdCHRV/vUgdnqvksHUpcjjWvJY43ukQiF6ga//wOFxhcpfspH++n32xhse astkPMFDJ9HSDUOw0LmfbFf+EWjVLcLLbUtTJ55DV424LKJBoV6v7kAnexxt7tLyASTG vGArzHVi1Fb+2xsx3B1hyWz+xOv6BvjT5XCGw9xpGpMVOmWxdGcraDE8XlYvDNsAgRC3 KYEXy2T+BIJC8N6m7ubtxybUZJ1RuCWTG8Q/5BjeOcGLckapZ7loUkxe/AlDlMum5jBc pFwg== Received: by 10.68.136.162 with SMTP id qb2mr20672817pbb.67.1332419034885; Thu, 22 Mar 2012 05:23:54 -0700 (PDT) MIME-Version: 1.0 Received: by 10.68.47.129 with HTTP; Thu, 22 Mar 2012 05:23:24 -0700 (PDT) In-Reply-To: References: From: Eric Saint-Etienne Date: Thu, 22 Mar 2012 12:23:24 +0000 Message-ID: To: freebsd-hackers@freebsd.org Content-Type: text/plain; charset=UTF-8 Subject: Re: malloc pages map to user space X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Mar 2012 12:23:56 -0000 I've refined the behaviour I observe, which isn't consistent depending on the size one mallocates. (see interleaved comments) > In my driver, I need to map some malloc-ed memory, obtained from > another module, into userspace. > > The problem: on the smaller mallocs, as well as on some bigeer ones > (8k seems fine, 64k fails): vm_map_lookup() fails finding the > underlying vm object. In the current implementation I'm calling vm_map_lookup() against the kmem_map. As a result it either return the kmem_object, or fails at all (for smaller or larger mallocs.) > Do somebody know how (or better, have a piece of code!) to retrieve > the vm_object associated with malloc-ed memory? (small and big ones) > > As far as I can see in the vm code, there isn't any object associated > with the slabs (the smaller mallocs), it seems that a huge chunk of > virtual space is used "as is", so I presume the virtual addresses > where the SLABs are have some remarkable property, with respect to > physical addresses, that could allow creating an object from scratch? By using kernel_map instead of kmem_map, vm_map_lookup() now always return a vm_object. That's a big progress. As expected, when this object is kmem_object, the user mapping works fine (for smaller or larger mallocs.) Otherwise that object doesn't match kernel_object. It's an anonymous object to me. Using that "anonymous" vm_object for mapping into user map (using vm_map_find()) doesn't directly fail, it does provide a virtual address in the user map. However I read zeros at that address, from within the user process. Any help would be highly appreciated. Thanks! Eric