Page MenuHomeFreeBSD
Differential D10349

Busy the map in vm_map_protect()
ClosedPublic
Actions

Authored by markj on Apr 10 2017, 4:38 PM.
Tags
None
Referenced Files
Unknown Object (File)
Jan 12 2025, 5:00 PM
Unknown Object (File)
Jan 9 2025, 5:02 PM
Unknown Object (File)
Dec 30 2024, 1:10 AM
Unknown Object (File)
Dec 4 2024, 8:47 AM
Unknown Object (File)
Nov 24 2024, 9:08 AM
Unknown Object (File)
Nov 20 2024, 2:44 AM
Unknown Object (File)
Nov 19 2024, 8:59 PM
Unknown Object (File)
Nov 5 2024, 1:58 PM
View All 45 Files
Subscribers
pho

Details

Reviewers
alc
kib
Commits
rS316689: Busy the map in vm_map_protect().
Summary

Otherwise we are susceptible to a race with a concurrent vm_map_wire()
call, which faults pages into the object chain and drops the map lock
between each call to vm_fault(). In particular, vm_map_protect() will
only copy newly writable wired pages if MAP_ENTRY_USER_WIRED is set, but
vm_map_wire() only sets this flag after the fault loop. So we may end up
with a PROT_WRITE wired map entry whose top-level object does not
contain the entire range of pages.

It is also possible to address this race by checking for in-transition
map entries in the final loop of vm_map_protect(), but that is more
complicated since it requires some restart logic, and I don't see any
real benefits.

Unrelated changes are to add assertions to the map clip functions
(motivated by a bug in my first attempt to check for and handle
MAP_ENTRY_IN_TRANSITION entries in vm_map_protect()), and to
consistently use for-loops in vm_map_protect().

Test Plan

Peter tested the patch and reported the original problem ("vm_fault_copy_entry: main object missing page" during a fork).

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.Apr 10 2017, 4:38 PM
Harbormaster completed remote builds in B8663: Diff 27311.Apr 10 2017, 4:38 PM
markj edited the summary of this revision. (Show Details)Apr 10 2017, 4:42 PM
markj edited the test plan for this revision. (Show Details)
markj added reviewers: alc, kib.
markj added a subscriber: pho.
kib accepted this revision.Apr 10 2017, 6:52 PM
kib added inline comments.
sys/vm/vm_map.c
1658 ↗(On Diff #27311)

You might check more things there, e.g. assert that start belongs to the internal range of the entry.

This revision is now accepted and ready to land.Apr 10 2017, 6:52 PM
markj updated this revision to Diff 27321.Apr 10 2017, 7:34 PM
markj edited edge metadata.

Strengthen assertions.

This revision now requires review to proceed.Apr 10 2017, 7:34 PM
Harbormaster completed remote builds in B8668: Diff 27321.Apr 10 2017, 7:34 PM
kib accepted this revision.Apr 10 2017, 7:49 PM

Thank you.

This revision is now accepted and ready to land.Apr 10 2017, 7:49 PM
Closed by commit rS316689: Busy the map in vm_map_protect(). (authored by markj). · Explain WhyApr 10 2017, 9:01 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
sys/
vm/
8 lines

Diff 27325

View Options

head/sys/vm/vm_map.c

Loading...