Module Name:    src
Committed By:   chs
Date:           Sun Nov 10 20:38:33 UTC 2019

Modified Files:
        src/sys/uvm: uvm_fault.c

Log Message:
in uvm_fault_lower_io(), fetch all the map entry values that we need
before we unlock everything.

Reported-by: syzbot+bb6f0092562222b48...@syzkaller.appspotmail.com


To generate a diff of this commit:
cvs rdiff -u -r1.207 -r1.208 src/sys/uvm/uvm_fault.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/uvm/uvm_fault.c
diff -u src/sys/uvm/uvm_fault.c:1.207 src/sys/uvm/uvm_fault.c:1.208
--- src/sys/uvm/uvm_fault.c:1.207	Mon Aug  5 17:36:42 2019
+++ src/sys/uvm/uvm_fault.c	Sun Nov 10 20:38:33 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: uvm_fault.c,v 1.207 2019/08/05 17:36:42 chs Exp $	*/
+/*	$NetBSD: uvm_fault.c,v 1.208 2019/11/10 20:38:33 chs Exp $	*/
 
 /*
  * Copyright (c) 1997 Charles D. Cranor and Washington University.
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uvm_fault.c,v 1.207 2019/08/05 17:36:42 chs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uvm_fault.c,v 1.208 2019/11/10 20:38:33 chs Exp $");
 
 #include "opt_uvmhist.h"
 
@@ -1904,11 +1904,18 @@ uvm_fault_lower_io(
 	int gotpages;
 	int error;
 	voff_t uoff;
+	vm_prot_t access_type;
+	int advice;
 	UVMHIST_FUNC("uvm_fault_lower_io"); UVMHIST_CALLED(maphist);
 
 	/* update rusage counters */
 	curlwp->l_ru.ru_majflt++;
 
+	/* grab everything we need from the entry before we unlock */
+	uoff = (ufi->orig_rvaddr - ufi->entry->start) + ufi->entry->offset;
+	access_type = flt->access_type & MASK(ufi->entry);
+	advice = ufi->entry->advice;
+
 	/* Locked: maps(read), amap(if there), uobj */
 	uvmfault_unlockall(ufi, amap, NULL);
 
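Review bot: The added comment above the snapshot says what is done but not why, and the reason is the part a later maintainer needs: once `uvmfault_unlockall()` releases the map read lock named in the `Locked:` comment, `ufi->entry` is presumably free to be modified or freed by another thread, so any later read of it is a stale or use-after-free read. I would state that in the comment, e.g. `/* snapshot entry fields now: after uvmfault_unlockall() the map is unlocked and ufi->entry must not be dereferenced */`. The same reasoning covers the `pgo_get()` call in the next hunk, which now takes the saved `access_type` and `advice`. The body of `uvm_fault_lower_io()` continues outside both hunks, so it is worth confirming that no other `ufi->entry` dereference remains between the unlock and the point where the map is locked again.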
@@ -1918,10 +1925,8 @@ uvm_fault_lower_io(
 	uvmexp.fltget++;
 	gotpages = 1;
 	pg = NULL;
-	uoff = (ufi->orig_rvaddr - ufi->entry->start) + ufi->entry->offset;
 	error = uobj->pgops->pgo_get(uobj, uoff, &pg, &gotpages,
-	    0, flt->access_type & MASK(ufi->entry), ufi->entry->advice,
-	    PGO_SYNCIO);
+	    0, access_type, advice, PGO_SYNCIO);
 	/* locked: pg(if no error) */
 
 	/*
