Page MenuHomeFreeBSD
Differential D25689

Revert r240317 to prevent leaking pmap entries
ClosedPublic
Actions

Authored by cem on Jul 16 2020, 5:02 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Apr 12, 8:22 AM
Unknown Object (File)
Fri, Apr 12, 8:22 AM
Unknown Object (File)
Mar 1 2024, 1:21 PM
Unknown Object (File)
Dec 20 2023, 3:04 AM
Unknown Object (File)
Dec 12 2023, 8:00 PM
Unknown Object (File)
Oct 14 2023, 1:30 PM
Unknown Object (File)
Aug 24 2023, 11:49 PM
Unknown Object (File)
Aug 4 2023, 11:18 AM
View All 24 Files
Subscribers
imp
jhibbits

Details

Reviewers
dgmorris_earthlink.net
kib
markj
alc
bdragon
Commits
rS363266: Revert r240317 to prevent leaking pmap entries
Summary

Subsequent to r240317, kmem_free() was replaced with kva_free() (r254025).
kva_free() releases the KVA allocation for the mapped region, but no longer
clears the pmap (pagetable) entries.

An affected pmap_unmapdev operation would leave the still-pmap'd VA space
free for allocation by other KVA consumers. However, this bug easily
avoided notice for ~7 years because most devices (1) never call
pmap_unmapdev and (2) on amd64, mostly fit within the DMAP and do not need
KVA allocations. Other affected arch are less popular: i386, MIPS, and
PowerPC. Arm64, arm32, and riscv are not affected.

Reported by: Don Morris <dgmorris AT earthlink.net>
Submitted by: Don Morris (amd64)
Discussed with: markj

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 32369
Build 29850: arc lint + arc unit

Event Timeline

cem created this revision.Jul 16 2020, 5:02 PM
Herald added a subscriber: jhibbits. · View Herald TranscriptJul 16 2020, 5:02 PM
cem requested review of this revision.Jul 16 2020, 5:02 PM
Harbormaster completed remote builds in B32362: Diff 74530.Jul 16 2020, 5:02 PM
cem added a reviewer: bdragon.Jul 16 2020, 5:03 PM
markj added inline comments.Jul 16 2020, 5:20 PM
sys/amd64/amd64/pmap.c
8283

size / PAGE_SIZE is more commonly spelled atop(size).

sys/mips/mips/pmap.c
3267

Why not use qremove? pmap_kremove_device() doesn't perform TLB invalidation, which I presume is why you're using qremove elsewhere. The subr_devmap.c implementation doesn't either, which seems like a bug.

kib added inline comments.Jul 16 2020, 6:12 PM
sys/mips/mips/pmap.c
3267

I agree. I think that the only problem that this issue introduces is the lack of invalidation on removal, which means that next mapping (which we typically do without invalidating the allocated VA) has undefined consequences. It is almost fine to leave stale PTEs, except for speculations, but not fine to leave TLB unflushed.

cem planned changes to this revision.Jul 16 2020, 8:23 PM
cem added inline comments.
sys/amd64/amd64/pmap.c
8283

will fix

sys/mips/mips/pmap.c
3267

will do.

cem updated this revision to Diff 74542.Jul 16 2020, 8:27 PM
cem marked 2 inline comments as done.
  • pmap_qremove() over pmap_kremove_device() in mips
  • atop() for "/ PAGE_SIZE"
Harbormaster completed remote builds in B32369: Diff 74542.Jul 16 2020, 8:27 PM
dgmorris_earthlink.net accepted this revision.Jul 16 2020, 8:33 PM

LGTM.

This revision is now accepted and ready to land.Jul 16 2020, 8:33 PM
markj accepted this revision.Jul 16 2020, 9:17 PM
kib accepted this revision.Jul 16 2020, 10:04 PM
Closed by commit rS363266: Revert r240317 to prevent leaking pmap entries (authored by cem). · Explain WhyJul 16 2020, 11:29 PM
This revision was automatically updated to reflect the committed changes.
cem added a commit: rS363266: Revert r240317 to prevent leaking pmap entries.
Herald added a subscriber: imp. · View Herald TranscriptJul 16 2020, 11:29 PM

Revision Contents
Changeset List

PathSize
sys/
amd64/
amd64/
4 lines
i386/
i386/
4 lines
mips/
mips/
1 line
powerpc/
aim/
1 line
1 line
4 lines
booke/
1 line

Diff 74542

View Options

sys/amd64/amd64/pmap.c

Loading...
View Options

sys/i386/i386/pmap.c

Loading...
View Options

sys/mips/mips/pmap.c

Loading...
View Options

sys/powerpc/aim/mmu_oea.c

Loading...
View Options

sys/powerpc/aim/mmu_oea64.c

Loading...
View Options

sys/powerpc/aim/mmu_radix.c

Loading...
View Options

sys/powerpc/booke/pmap.c

Loading...