Module Name: src Committed By: chs Date: Sat Jun 8 23:48:33 UTC 2019
Modified Files: src/sys/uvm: uvm_map.c Log Message: in uvm_map_protect(), do a pmap_update() before possibly switching from removing pmap entries to creating them. this fixes the problem reported in https://syzkaller.appspot.com/bug?id=cc89e47f05e4eea2fd69bcccb5e837f8d1ab4d60 To generate a diff of this commit: cvs rdiff -u -r1.359 -r1.360 src/sys/uvm/uvm_map.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/uvm/uvm_map.c
diff -u src/sys/uvm/uvm_map.c:1.359 src/sys/uvm/uvm_map.c:1.360
--- src/sys/uvm/uvm_map.c:1.359 Thu Mar 14 19:10:04 2019
+++ src/sys/uvm/uvm_map.c Sat Jun 8 23:48:33 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: uvm_map.c,v 1.359 2019/03/14 19:10:04 kre Exp $ */
+/* $NetBSD: uvm_map.c,v 1.360 2019/06/08 23:48:33 chs Exp $ */
 /* * Copyright (c) 1997 Charles D. Cranor and Washington University.
@@ -66,7 +66,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uvm_map.c,v 1.359 2019/03/14 19:10:04 kre Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uvm_map.c,v 1.360 2019/06/08 23:48:33 chs Exp $");
 #include "opt_ddb.h"
 #include "opt_pax.h"
@@ -3127,6 +3127,17 @@ uvm_map_protect(struct vm_map *map, vadd
 VM_MAPENT_ISWIRED(current) == 0 && old_prot == VM_PROT_NONE && new_prot != VM_PROT_NONE) {
+
+ /*
+ * We must call pmap_update() here because the
+ * pmap_protect() call above might have removed some
+ * pmap entries and uvm_map_pageable() might create
+ * some new pmap entries that rely on the prior
+ * removals being completely finished.
+ */
+
+ pmap_update(map->pmap);
+
 if (uvm_map_pageable(map, current->start, current->end, false, UVM_LK_ENTER|UVM_LK_EXIT) != 0) {
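Review bot: The ordering requirement behind the added `pmap_update(map->pmap);` is documented only at this one call site, in the comment placed just before the `uvm_map_pageable()` call. That comment says uvm_map_pageable() may create pmap entries that rely on earlier removals being completely finished, so any other caller that reaches it with removals still pending would presumably need the same flush; whether such callers exist cannot be seen from this hunk. I would state the precondition at uvm_map_pageable() as well, for example `/* caller must pmap_update() any pending removals on map->pmap first */`, so the invariant does not depend on a reader finding this branch. uvm_map_protect() starts and ends outside the hunk, so the `pmap_protect()` call the comment refers to is not visible here.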