
Fix arm64's pmap_enter_quick_locked()
Closed, Public

Authored by alc on Sep 29 2019, 6:05 PM.
Details

Summary

When arm64's pmap_enter_quick_locked() creates a user-space mapping, it doesn't set ATTR_AP(ATTR_AP_USER) in the PTE, so any subsequent attempt to read from the page triggers a page fault.

This problem isn't fatal because the page fault handler will determine that the mapping should be valid and perform a pmap_enter() that sets ATTR_AP(ATTR_AP_USER) in the new PTE.

That said, I do believe that instruction fetches are not affected by this bug. (See Table D5-33 in the architecture manual.) In other words, as long as the mapping doesn't have ATTR_XN set, user-space instruction fetches will succeed even without ATTR_AP(ATTR_AP_USER) in the PTE.

Test Plan

Clang reads source files using mmap(). Before applying this patch, vmstat -s reported "235989057 total VM faults taken" after a "buildworld". After applying the patch, vmstat -s reported "190243137 total VM faults taken".

I'm double-checking these numbers, because the difference is more than I would have guessed.
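To make the permission rule the Summary relies on concrete, here is an added C model of the two EL0 checks; it is not FreeBSD's pmap code. The bit positions are assumed from sys/arm64/include/pte.h, and quick_pte_before_fix(), quick_pte_after_fix() and count_first_read_faults() are hypothetical helpers that mimic the re-enter the page fault handler performs.

```c
#include <stdbool.h>
#include <stdint.h>

typedef uint64_t pt_entry_t;

/* Bit positions assumed to match FreeBSD's sys/arm64/include/pte.h. */
#define ATTR_AP(x)      ((uint64_t)(x) << 6)  /* AP[2:1] sit in PTE bits 7:6 */
#define ATTR_AP_USER    (1 << 0)              /* AP[1]: EL0 (user) may access */
#define ATTR_AP_RO      (1 << 1)              /* AP[2]: read-only */
#define ATTR_XN         ((uint64_t)1 << 54)   /* execute-never */
#define ATTR_AF         ((uint64_t)1 << 10)   /* access flag */

/* A data read from EL0 needs AP[1] (ATTR_AP_USER) set in the PTE. */
bool pte_user_read_ok(pt_entry_t pte)
{
	return ((pte & ATTR_AP(ATTR_AP_USER)) != 0);
}

/* An instruction fetch from EL0 depends on ATTR_XN alone (see Summary). */
bool pte_user_exec_ok(pt_entry_t pte)
{
	return ((pte & ATTR_XN) == 0);
}

/* Hypothetical model of the read-only user PTE built before the fix. */
pt_entry_t quick_pte_before_fix(uint64_t pa)
{
	return (pa | ATTR_AF | ATTR_AP(ATTR_AP_RO));
}

/* The same mapping with the user bit the fix adds. */
pt_entry_t quick_pte_after_fix(uint64_t pa)
{
	return (quick_pte_before_fix(pa) | ATTR_AP(ATTR_AP_USER));
}

/* Faults taken on the first user read of n quick-mapped pages; the fault
 * handler's pmap_enter() re-installs each faulting PTE with ATTR_AP_USER. */
unsigned count_first_read_faults(pt_entry_t (*mk)(uint64_t), unsigned n)
{
	unsigned faults = 0;
	for (unsigned i = 0; i < n; i++) {
		pt_entry_t pte = mk((uint64_t)i << 12);
		if (!pte_user_read_ok(pte)) {
			faults++;
			pte |= ATTR_AP(ATTR_AP_USER); /* handler's re-enter; next read hits */
		}
	}
	return (faults);
}
```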

Diff Detail

Repository
rS FreeBSD src repository - subversion