From 9bd1a9fbfe3fc64b6c253afd4aec9a128906207f Mon Sep 17 00:00:00 2001 From: Martin Pieuchot Date: Sat, 2 Nov 2024 10:31:17 +0000 Subject: Check if the mapping for an vm_map_entry exists while holding its lock. Prevent a race where the mapped object is being truncated while we are spinning to unwire it. Reported-by: syzbot+189cd03d088cddbee591@syzkaller.appspotmail.com Adapted from NetBSD r1.207, ok miod@ --- sys/uvm/uvm_fault.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'sys/uvm') diff --git a/sys/uvm/uvm_fault.c b/sys/uvm/uvm_fault.c index 06b1c8b9198..4b904adf67f 100644 --- a/sys/uvm/uvm_fault.c +++ b/sys/uvm/uvm_fault.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_fault.c,v 1.136 2024/11/02 10:23:34 mpi Exp $ */ +/* $OpenBSD: uvm_fault.c,v 1.137 2024/11/02 10:31:16 mpi Exp $ */ /* $NetBSD: uvm_fault.c,v 1.51 2000/08/06 00:22:53 thorpej Exp $ */ /* @@ -1651,9 +1651,6 @@ uvm_fault_unwire_locked(vm_map_t map, vaddr_t start, vaddr_t end) panic("uvm_fault_unwire_locked: address not in map"); for (va = start; va < end ; va += PAGE_SIZE) { - if (pmap_extract(pmap, va, &pa) == FALSE) - continue; - /* * find the map entry for the current address. */ @@ -1679,6 +1676,9 @@ uvm_fault_unwire_locked(vm_map_t map, vaddr_t start, vaddr_t end) oentry = entry; } + if (!pmap_extract(pmap, va, &pa)) + continue; + /* * if the entry is no longer wired, tell the pmap. */ -- cgit v1.2.3