From nobody Tue Aug 9 19:58:55 2022 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4M2P5r0wN7z3j7d4; Tue, 9 Aug 2022 19:58:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4M2P5q6MBRz3hMT; Tue, 9 Aug 2022 19:58:55 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1660075135; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=QHOMRZqQD07CKgLNG95+U1X7NZunsBCYTII61WnQ4lU=; b=IFcBwRWb6T0S/neX1D1n/CmZ6lx/6fYDF/aldnlBnHywEbdxfj6MGvawOjjzk+feSMBBNg A0f0SZpspjBe+n4b0vfNJ2XrcCmGyUQKJ4UzliX8rSvt/KTUU6m/Jir/nGZtl3J85SZYkG pJTEOISGRTPko2iaeK3KoXV3/azNGx7ovufoSaDG9WLDezJTzdgpdNG19BxTdfzBdmxSgB Mxtb07zt0QTo0pbfQl5+EAHHffX/qnOtin9z27Qk9ENvBK2kprAEzs4Xq3w3f/dY8mlZun ukRUazm9clRDe8BkXx1ptVT/0y8hLqsepvuOaiPVrINWMPe46jAYHaG3boXjqA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4M2P5q5SfQzkTp; Tue, 9 Aug 2022 19:58:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 279Jwttr021472; Tue, 9 Aug 2022 19:58:55 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 279JwthO021471; Tue, 9 Aug 2022 19:58:55 GMT (envelope-from git) Date: Tue, 9 Aug 2022 19:58:55 GMT Message-Id: <202208091958.279JwthO021471@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 1120c36b075c - releng/12.3 - vm_fault: Shoot down shared mappings in vm_fault_copy_entry() List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/12.3 X-Git-Reftype: branch X-Git-Commit: 1120c36b075c9c0df22fc3d2e870ba8f85ceed2c Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1660075135; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=QHOMRZqQD07CKgLNG95+U1X7NZunsBCYTII61WnQ4lU=; b=PLmRKuRPw2U+xJekJDuPfCsknfANRZwmQqW95H8yT69IYb8YxAkuE4/nSDqNviWvZ1tU8J 6ToMKwKX++IwUtnQ0VmVHLVG2/QltwBl6XBL/CrQlqm7qorXlPqR3yqn+DxS+Pm2ZVV0zj e9/YdsGhpz/4ZRZ1IjS/GRd8peNkJlDBmf6XfbZ8+HKdW9uck+Ro5AEuzDc3jqjOD0cNFy cVKW6AYKC7CV+Nv6fPPGUh+qXDv42vtztcjt9W18iVLVZ2Ga6jsrtzme7oe4mL4WM23iWe +ltrbpOBTb7zqDf8Y2RWNP4MWs8R31XjRW5RntFzTZa4avq89gSasDg6T4urBw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1660075135; a=rsa-sha256; cv=none; b=AOEAvigQ8Txu/voBIhpkOW1995hTMhRX037f+zzi6a+a72OWFhfD8Wqa2YcP4hSEZXi4SO YPvpxpLZD+yQYeWNN9ahtEQlB03vYUIEPkyZ4STz+aoQWYXd4+FM+3pnFK/pg3WtmY6ixj AGEcrcaEX9FINSoZJhnh1S6MWSq3PwDx1U5rUjVHM0gutDG7M/eJkdW7kpFf+F0ZYapey3 UgtcgLUHZ9t6ohO41+37QksBzgelYH2oNEENARoJaWz2B5Dx7xLDYsXLimMnwoMEo6gx9Z izV4NevlXRZGd9M+nBwzhf/mUE73nB1o/j8Bb5CKlzSwmbAFdWWf/+xUFCk+GQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch releng/12.3 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=1120c36b075c9c0df22fc3d2e870ba8f85ceed2c commit 1120c36b075c9c0df22fc3d2e870ba8f85ceed2c Author: Mark Johnston AuthorDate: 2022-07-25 20:53:21 +0000 Commit: Mark Johnston CommitDate: 2022-08-09 19:58:12 +0000 vm_fault: Shoot down shared mappings in vm_fault_copy_entry() As in vm_fault_cow(), it's possible, albeit rare, for multiple vm_maps to share a shadow object. When copying a page from a backing object into the shadow, all mappings of the source page must therefore be removed. Otherwise, future operations on the object tree may detect that the source page is fully shadowed and thus can be freed. Approved by: so Security: FreeBSD-SA-22:11.vm Reviewed by: alc, kib Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D35635 (cherry picked from commit 5c50e900ad779fccbf0a230bfb6a68a3e93ccf60) (cherry picked from commit 9a2a2871c4908cfe7012236912918622e0ed0b32) --- sys/vm/vm_fault.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c index 7829b3691d83..efbe0b23f259 100644 --- a/sys/vm/vm_fault.c +++ b/sys/vm/vm_fault.c @@ -1884,6 +1884,13 @@ again: VM_OBJECT_WLOCK(dst_object); goto again; } + + /* + * See the comment in vm_fault_cow(). + */ + if (src_object == dst_object && + (object->flags & OBJ_ONEMAPPING) == 0) + pmap_remove_all(src_m); pmap_copy_page(src_m, dst_m); VM_OBJECT_RUNLOCK(object); dst_m->dirty = dst_m->valid = src_m->valid;