diff options
| author | Konstantin Belousov <kib@FreeBSD.org> | 2018-09-28 14:11:01 +0000 |
|---|---|---|
| committer | Konstantin Belousov <kib@FreeBSD.org> | 2018-09-28 14:11:01 +0000 |
| commit | 9f25ab83f91986ff68681939620fe74c9dacc548 (patch) | |
| tree | 51ca66b8c59485c1e1e7fdc825a5c8cbbae22536 /sys/vm | |
| parent | a60d3db15ef0b4ff188c1c8ff0461645b1be06a8 (diff) | |
| download | src-9f25ab83f91986ff68681939620fe74c9dacc548.tar.gz src-9f25ab83f91986ff68681939620fe74c9dacc548.zip | |
In vm_fault_copy_entry(), we should not assert that entry is charged
if the dst_object is not of swap type.
It can only happen when entry does not require copy, otherwise
vm_map_protect() already adds the charge. So the assert was right for
the case where swap object was allocated in the vm_fault_copy_entry(),
but not when it was just copied from src_entry and its type is not
swap.
Reported by: andrew using syzkaller
Reviewed by: alc
Sponsored by: The FreeBSD Foundation
Approved by: re (gjb)
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D17323
Notes
Notes:
svn path=/head/; revision=338998
Diffstat (limited to 'sys/vm')
| -rw-r--r-- | sys/vm/vm_fault.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c index e3fcce3c74f1..d6545ba5f479 100644 --- a/sys/vm/vm_fault.c +++ b/sys/vm/vm_fault.c @@ -1650,7 +1650,9 @@ vm_fault_copy_entry(vm_map_t dst_map, vm_map_t src_map, dst_object->cred = curthread->td_ucred; crhold(dst_object->cred); *fork_charge += dst_object->charge; - } else if (dst_object->cred == NULL) { + } else if ((dst_object->type == OBJT_DEFAULT || + dst_object->type == OBJT_SWAP) && + dst_object->cred == NULL) { KASSERT(dst_entry->cred != NULL, ("no cred for entry %p", dst_entry)); dst_object->cred = dst_entry->cred; |