Diffusion FreeBSD src repository - subversion rS362034

powerpc/pmap: Fix pte_find_next() iterators for booke64 pmap
rS362034
Actions

Description

powerpc/pmap: Fix pte_find_next() iterators for booke64 pmap

After r361988 fixed the reference count leak on booke64, it became possible
for an iteration somewhere in the middle of a page to become stale, with the
page vanishing (correctly) due to all PTEs on that page going away.
pte_find_next() would start at that iterator, and move along 'higher' order
directory pages until it finds a valid one, without zeroing out the lower
order pages. For instance:

/* Find next pte at or above 0x10002000. */
pte = pte_find_next(pmap, &(0x10002000));
pte_remove(pmap, pte);
/* This pte was the last reference in the page table page, page is

gone.

*/

pte = pte_find_next(pmap, 0x10002000);
/* pte_find_next will see 0x10002000's page is gone, and jump to the

next one, but starting iteration at the '0x2000' slot, skipping
0x0000 and 0x1000.

*/

This caused some processes, like git, to trip the KASSERT() in
pmap_release().

Fix this by zeroing all lower order iterators at each level.

Details

Provenance

jhibbits

Authored on

Parents

rS362033: Remove double-calls to tc_get_timecount() to warm timecounters.

Branches

Unknown

Tags

Unknown

Event Timeline

jhibbits committed rS362034: powerpc/pmap: Fix pte_find_next() iterators for booke64 pmap.Jun 10 2020, 11:03 PM

Changes (1)

Path

Size

head/

sys/

powerpc/

booke/

pmap_64.c

rS362034

View Options

head/sys/powerpc/booke/pmap_64.c