Date:      Tue, 21 Apr 2026 15:45:29 +0000
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 1abe7ead45c3 - releng/14.4 - vm_fault: Reset m_needs_zeroing properly
Message-ID:  <69e79b99.35f19.7b1a6f0a@gitrepo.freebsd.org>


The branch releng/14.4 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=1abe7ead45c3236e5325f43535e2513697a5705e

commit 1abe7ead45c3236e5325f43535e2513697a5705e
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2026-04-08 04:21:09 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2026-04-21 15:45:02 +0000

    vm_fault: Reset m_needs_zeroing properly
    
    - When allocating a page, we should only consider the PG_ZERO flag when
      handling the top-level page.
    - Unconditionally reset the flag when restarting the fault handler.
      Previously, vm_fault_busy_sleep() would fail to reset it.
    
    Approved by:    so
    Security:       FreeBSD-EN-26:05.vm
    PR:             294039
    Reviewed by:    kib
    Tested by:      Peter Much <pmc@citylink.dinoex.sub.org>
    MFC after:      3 days
    Fixes:          cff67bc43df1 ("vm_fault: only rely on PG_ZERO when the page was newly allocated")
    Differential Revision:  https://reviews.freebsd.org/D56234
    
    (cherry picked from commit 04132e01004316ddd0e0cde6ef15b100b7b1844d)
    (cherry picked from commit 9b7c0f4f81f06424899094d4381dede79669b623)
---
 sys/vm/vm_fault.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c
index 418f39ac2a2b..87deb993402c 100644
--- a/sys/vm/vm_fault.c
+++ b/sys/vm/vm_fault.c
@@ -272,8 +272,6 @@ vm_fault_might_be_cow(struct faultstate *fs)
 static void
 vm_fault_deallocate(struct faultstate *fs)
 {
-
-	fs->m_needs_zeroing = true;
 	vm_fault_page_release(&fs->m_cow);
 	vm_fault_page_release(&fs->m);
 	vm_object_pip_wakeup(fs->object);
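Review bot: dropping the reset from vm_fault_deallocate() means this function no longer guarantees m_needs_zeroing is true for the next attempt; that now holds only because every restart path funnels through the RetryFault label. A one-line comment here saying the flag is intentionally not touched and is reset at RetryFault would stop a future caller from reintroducing the stale-flag problem that vm_fault_busy_sleep() exposed.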
@@ -1321,7 +1319,8 @@ vm_fault_allocate(struct faultstate *fs)
 			vm_waitpfault(dset, vm_pfault_oom_wait * hz);
 		return (FAULT_RESTART);
 	}
-	fs->m_needs_zeroing = (fs->m->flags & PG_ZERO) == 0;
+	if (fs->object == fs->first_object)
+		fs->m_needs_zeroing = (fs->m->flags & PG_ZERO) == 0;
 	fs->oom_started = false;
 
 	return (FAULT_CONTINUE);
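Review bot: the new condition leaves m_needs_zeroing untouched when fs->object != fs->first_object, so for a page allocated in a backing object the flag silently keeps whatever value it had (true after the RetryFault reset). That is the intended behaviour per the commit message, but it is an implicit else-branch; a short comment above the `if` stating that PG_ZERO is only meaningful for the top-level page and that the flag otherwise retains its per-retry default would make the invariant explicit.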
@@ -1653,7 +1652,6 @@ vm_fault(vm_map_t map, vm_offset_t vaddr, vm_prot_t fault_type,
 	fs.fault_flags = fault_flags;
 	fs.map = map;
 	fs.lookup_still_valid = false;
-	fs.m_needs_zeroing = true;
 	fs.oom_started = false;
 	fs.nera = -1;
 	fs.can_read_lock = true;
@@ -1662,6 +1660,7 @@ vm_fault(vm_map_t map, vm_offset_t vaddr, vm_prot_t fault_type,
 
 RetryFault:
 	fs.fault_type = fault_type;
+	fs.m_needs_zeroing = true;
 
 	/*
 	 * Find the backing store object and offset into it to begin the
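Review bot: the reset is correctly placed under the label rather than in the one-time setup block, but nothing at this line says why; a brief comment noting that it must run on every retry because vm_fault_busy_sleep() restarts the fault without calling vm_fault_deallocate() would document the reason the initialization moved here.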



Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69e79b99.35f19.7b1a6f0a>