vm_map: fix iterator jump size
ClosedPublic
Actions

Authored by dougm on Apr 23 2025, 8:42 PM.

Details

Reviewers

kib
alc
markj

Commits

rG1cce7d86c86a: vm_map: fix iterator jump size

Summary

The index value in the loop in vm_map_pmap_enter jumps by 1, or some superpage size, in each iteration. Jump by the superpage size only when the entire superpage is being mapped.

Fixes: b3d89a0cde94 ("vm_map: use page iterators in pmap_enter")
Reported-by: syzbot+1cc9ede76727d2ea2e8d@syzkaller.appspotmail.com

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

dougm requested review of this revision.Apr 23 2025, 8:42 PM

dougm created this revision.

dougm added a reviewer: markj.Apr 23 2025, 10:23 PM

alc accepted this revision.Apr 24 2025, 6:57 AM

This revision is now accepted and ready to land.Apr 24 2025, 6:57 AM

alc added inline comments.Apr 24 2025, 7:08 AM

sys/vm/vm_map.c
2736–2741	On second thought, ...

Use 'jump' variable, as recommended.

This revision now requires review to proceed.Apr 24 2025, 7:27 AM

dougm edited the summary of this revision. (Show Details)Apr 24 2025, 7:51 AM

alc accepted this revision.Apr 24 2025, 7:52 AM

This revision is now accepted and ready to land.Apr 24 2025, 7:52 AM

kib accepted this revision.Apr 24 2025, 9:40 AM

I ran the syzkaller reproducer for an hour with D49987.154201.patch added. I added a further 4 hours of random test cases.
I did not observe any issues.

markj accepted this revision.Apr 24 2025, 1:22 PM

Closed by commit rG1cce7d86c86a: vm_map: fix iterator jump size (authored by dougm). · Explain WhyApr 24 2025, 3:49 PM

This revision was automatically updated to reflect the committed changes.

dougm added a commit: rG1cce7d86c86a: vm_map: fix iterator jump size.

Herald added a subscriber: imp. · View Herald TranscriptApr 24 2025, 3:49 PM