Date: Wed, 10 Jun 2009 14:38:10 +0100 From: Tim Borgeaud <tim@tangobravo.co.uk> To: freebsd-hackers@freebsd.org Subject: Device drivers, mmap/munmap and freeing memory Message-ID: <4A2FB742.6080307@tangobravo.co.uk>
next in thread | raw e-mail | index | archive | help
I'm currently working on some wrappers and compatibility functions for allowing USB Linux device driver code to be compiled to create a FreeBSD driver module. I.e. extending the work of Luigi Rizzo (linux-kmod-compat) and/or the compatibility code now present in the FreeBSD USB stack. This approach, for creating drivers from Linux source, will probably be moved into userland in one way or another, but for now I'm going to see if I can make some progress by getting some Linux webcam drivers working. The problem I'm currently wrestling with is how to manage the emulation of Linux's mmapping. Linux driver code expects to be able to use some callback functions that are invoked when certain mmap related events occur. Drivers appear to use an open/close pair of functions that are called when a processes starts or stops using mapped memory. These are typically used to maintain a reference count for the memory. As far as I can tell, in FreeBSD, a vm_object_t also contains a similar reference count. The vm subsystem cleans up vm objects (and vm_map entries etc) when the reference count falls to zero. The trouble I have is that it appears that I'm going to need some way to let Linux driver code know whether or not some memory is still in use, i.e. whether the FreeBSD system still holds a vm_object for the mmapped memory. Ideally, I could invoke the Linux driver functions appropriately (when the vm subsystem increments or decrements reference counts for a vm_object). However, it should be enough just to make sure that the Linux driver close callback function is invoked when mapped memory has been unmapped. As far as I can tell, closing mapped file descriptors should not effect the reference count. It appears that it is quite legitimate to access mapped memory after the corresponing file descriptor has been closed. I'm wondering if there is any way to figure out whether some memory is still mapped (by the vm subsystem), whether or not a driver could be informed about munmapping (or forking etc) or what the possible effects would be if memory that has been mmapped is freed (while it may be in use). I suspect that applications will simply open, mmap and then close (and exit). So I think it would not be unreasonable to cause applications that work in some other way to fail. However, I also suspect that the failure resulting from attempts to access memory that has just been freed by a driver may be worse than a crashed application. Tim
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A2FB742.6080307>