Page MenuHomeFreeBSD
Differential D18714

i386: Use atomic 64bit load to read PDE value from PAE pagetables in pmap_kextract().
ClosedPublic
Actions

Authored by kib on Jan 2 2019, 1:17 PM.
Tags
None
Referenced Files
F101909190: D18714.id52560.diff
Tue, Nov 5, 12:09 PM
F101909075: D18714.id52478.diff
Tue, Nov 5, 12:08 PM
Unknown Object (File)
Fri, Oct 18, 7:46 AM
Unknown Object (File)
Oct 2 2024, 3:10 AM
Unknown Object (File)
Sep 28 2024, 7:51 PM
Unknown Object (File)
Sep 27 2024, 8:47 AM
Unknown Object (File)
Sep 22 2024, 3:00 PM
Unknown Object (File)
Sep 21 2024, 5:38 PM
View All 37 Files
Subscribers
imp
pho

Details

Reviewers
alc
markj
Commits
rS342769: i386: Use atomic 64bit load to read PDE value from PAE pagetables in
Summary

pmap_kextract() can race with promotion/demotion on the kernel page table, in which case current non-atomic 64bit read would see torn value, breaking pmap_kextract(). pmap_kextract() would correctly handle either promoted or demoted PDE, but not the mix where one word is from a different state.

It requires PAE and > 4G memory to reproduce. We observed this in real loads, both for intensive use of malloc()/free() where vtoslab() returned invalid pointer to the slab, and with the use of busdma_bounce, where incorrect page was bounced.

In collaboration with: pho

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 21803

Revision Contents
Changeset List

PathSize
sys/
i386/
include/
52 lines

Diff 52478

View Options

sys/i386/include/pmap.h

Loading...