diff options
| author | Conrad Meyer <cem@FreeBSD.org> | 2020-07-16 23:29:26 +0000 |
|---|---|---|
| committer | Conrad Meyer <cem@FreeBSD.org> | 2020-07-16 23:29:26 +0000 |
| commit | 4ae224c6633de9ab5ab29da11a2cbb42b71ae852 (patch) | |
| tree | 1304702bf837290c0ecfa9e317cda2313b26b2a4 /sys/i386 | |
| parent | bbbefa33c9088f2f411479d5b15c671abe0ea38c (diff) | |
| download | src-4ae224c6633de9ab5ab29da11a2cbb42b71ae852.tar.gz src-4ae224c6633de9ab5ab29da11a2cbb42b71ae852.zip | |
Revert r240317 to prevent leaking pmap entries
Subsequent to r240317, kmem_free() was replaced with kva_free() (r254025).
kva_free() releases the KVA allocation for the mapped region, but no longer
clears the pmap (pagetable) entries.
An affected pmap_unmapdev operation would leave the still-pmap'd VA space
free for allocation by other KVA consumers. However, this bug easily
avoided notice for ~7 years because most devices (1) never call
pmap_unmapdev and (2) on amd64, mostly fit within the DMAP and do not need
KVA allocations. Other affected arch are less popular: i386, MIPS, and
PowerPC. Arm64, arm32, and riscv are not affected.
Reported by: Don Morris <dgmorris AT earthlink.net>
Submitted by: Don Morris (amd64 part)
Reviewed by: kib, markj, Don (!amd64 parts)
MFC after: I don't intend to, but you might want to
Sponsored by: Dell Isilon
Differential Revision: https://reviews.freebsd.org/D25689
Notes
Notes:
svn path=/head/; revision=363266
Diffstat (limited to 'sys/i386')
| -rw-r--r-- | sys/i386/i386/pmap.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/i386/i386/pmap.c b/sys/i386/i386/pmap.c index 7d564ba48950..5ee0b1c98a5f 100644 --- a/sys/i386/i386/pmap.c +++ b/sys/i386/i386/pmap.c @@ -5538,8 +5538,10 @@ __CONCAT(PMTYPE, unmapdev)(vm_offset_t va, vm_size_t size) return; } } - if (pmap_initialized) + if (pmap_initialized) { + pmap_qremove(va, atop(size)); kva_free(va, size); + } } /* |