From nobody Tue Aug 9 20:01:25 2022 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4M2P8j3hhLz3j8fK; Tue, 9 Aug 2022 20:01:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4M2P8j3Clnz3mH0; Tue, 9 Aug 2022 20:01:25 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1660075285; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=8nhKCvbuLCtV8IhZfe87xx9AD2mdsQo4woGT/pjw/pM=; b=uu2I4diTviqIVUkuYRfMwKNW0raOZNeY10VlLrNgTUhPi4hb4kkxR4X9IGi3yY46qErO0a DjeCYrv0Bub4C/RyuiZ3+vrrJV2uYYmE3oP+NUI5T5fH5abbszE6TUJ7tjKtoROsRav9i1 275vNwTqtdcIu4uME76BYD8cdtivPDgqobHaZuGPIStdyIohdO1rUtUTijGq/CfnTnDBw1 Bu6by37eFzSGLKDQ7f9g4z4DIBiVHjynLNjeziZ2qpB6n5hwEhmAoG3Dff3erfA6OqzZg+ hr/gfAr1os8sxKjyoCnAEP9/RUmxp6r/3g7KTeVEBuU7YZZtn3s6idCvejSz0g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4M2P8j1t1BzkJs; Tue, 9 Aug 2022 20:01:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 279K1P8h031408; Tue, 9 Aug 2022 20:01:25 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 279K1PWr031407; Tue, 9 Aug 2022 20:01:25 GMT (envelope-from git) Date: Tue, 9 Aug 2022 20:01:25 GMT Message-Id: <202208092001.279K1PWr031407@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 0c88ecaa1255 - releng/13.1 - vm_fault: Shoot down shared mappings in vm_fault_copy_entry() List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.1 X-Git-Reftype: branch X-Git-Commit: 0c88ecaa12555cfea0395abdb0ffac9b3e0f3204 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1660075285; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=8nhKCvbuLCtV8IhZfe87xx9AD2mdsQo4woGT/pjw/pM=; b=yNXEtIGyMk8VT2bBA1e6IZLu8eHWeBUxtgrLQNxezNmFa/lY9ns/m6ait+Wz7eCml2Tz4V KCEfMCkC/N40tsmAVDSJOsxKsoxPxI4cBa4Tc/TvFKAriBgtkEyV5ozvEpgECZjcdWxUAh EQdco6Dgxd9LoQDkauObrXjWOU5ygnV1H3qIBWc/xyfFbfEo9wzKK51HqG2OrnkYY0s0AT mSp9zUTLuCchdTYBbsiC1eL2FI4aRwG2/b4NHYAiHxxSqImO/a51+RRNju9aaXrLNmt0fL x+XsPuGlXHyhVcEngSDjoVr6J8rCWis5cT8Vng7kQtcrtvkFOgUptK8uHxjayQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1660075285; a=rsa-sha256; cv=none; b=vXcuepoRQ9yIkp8qO4BhkcJfl/NX2Zg4/7lfBLIORP4UXm2bHNFnNOUhqmVlyt8LY5+1Fv U8xiPQ6c2q1iAZgKCzzkbJa3WnCK0+05lFTtEdR5QPhERZVmvXJhFOBFZou/qB7mPf92V2 MRpBnzAqVqLFGwFHKw1ZSNkjSfrr0fZrH86383wfrSElaQOO7j2LPs5bj9ztFs+rWPe5pp RboucTQsD+xnuRBcEMztafpP4WUeHehb2F+O/BL84zdACZnOKlsD0ozmE/gvo0bPAkYpvU wPv7CMHIW+4ZgxdUpq9G2/I5O4VFcWPn3Fbu5HwlNl91YtVCE11iV3hCpSJrwg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch releng/13.1 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=0c88ecaa12555cfea0395abdb0ffac9b3e0f3204 commit 0c88ecaa12555cfea0395abdb0ffac9b3e0f3204 Author: Mark Johnston AuthorDate: 2022-07-25 20:53:21 +0000 Commit: Mark Johnston CommitDate: 2022-08-09 20:01:00 +0000 vm_fault: Shoot down shared mappings in vm_fault_copy_entry() As in vm_fault_cow(), it's possible, albeit rare, for multiple vm_maps to share a shadow object. When copying a page from a backing object into the shadow, all mappings of the source page must therefore be removed. Otherwise, future operations on the object tree may detect that the source page is fully shadowed and thus can be freed. Approved by: so Security: FreeBSD-SA-22:11.vm Reviewed by: alc, kib Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D35635 (cherry picked from commit 5c50e900ad779fccbf0a230bfb6a68a3e93ccf60) (cherry picked from commit 3ea8c7ad90f75129c52a2b64213c5578af23dc8d) --- sys/vm/vm_fault.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c index 41346f8635ea..8aa8dca3509a 100644 --- a/sys/vm/vm_fault.c +++ b/sys/vm/vm_fault.c @@ -2099,6 +2099,13 @@ again: VM_OBJECT_WLOCK(dst_object); goto again; } + + /* + * See the comment in vm_fault_cow(). + */ + if (src_object == dst_object && + (object->flags & OBJ_ONEMAPPING) == 0) + pmap_remove_all(src_m); pmap_copy_page(src_m, dst_m); VM_OBJECT_RUNLOCK(object); dst_m->dirty = dst_m->valid = src_m->valid;