Reported-by: syzbot+fd9be59aa613bbf4eba8@syzkaller.appspotmail.com
Reported-by: syzbot+15dd4dbac6ed159faa4a@syzkaller.appspotmail.com
Reported-by: syzbot+38fa02d3b0e46e57c156@syzkaller.appspotmail.com

pmap_remove_all(): need to drain PV pages only after the PTEs are unmapped,
otherwise there can be a context switch with them mapped in.  XXX amd64
should use the direct map.
doranand committed May 29, 2020
1 parent f0574a0 commit 2ac4ea7
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions sys/arch/x86/x86/pmap.c
@@ -1,4 +1,4 @@
/* $NetBSD: pmap.c,v 1.396 2020/05/27 19:33:40 ad Exp $ */
/* $NetBSD: pmap.c,v 1.397 2020/05/29 22:40:15 ad Exp $ */

/*
* Copyright (c) 2008, 2010, 2016, 2017, 2019, 2020 The NetBSD Foundation, Inc.
Expand Down Expand Up @@ -130,7 +130,7 @@
*/

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: pmap.c,v 1.396 2020/05/27 19:33:40 ad Exp $");
__KERNEL_RCSID(0, "$NetBSD: pmap.c,v 1.397 2020/05/29 22:40:15 ad Exp $");

#include "opt_user_ldt.h"
#include "opt_lockdebug.h"
Expand Down Expand Up @@ -3145,7 +3145,6 @@ pmap_zap_ptp(struct pmap *pmap, struct vm_page *ptp, pt_entry_t *pte,
#ifdef DIAGNOSTIC
rb_tree_init(tree, &pmap_rbtree_ops);
#endif
pmap_drain_pv(pmap);
#else /* !XENPV */
/*
* XXXAD For XEN, it's not clear to me that we can do this, because
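Review bot: With the pmap_drain_pv(pmap) call dropped from pmap_zap_ptp() just before the #else /* !XENPV */ branch, draining becomes the caller's responsibility, and nothing in the function says so. Add a line to the function's comment stating that pmap_zap_ptp() leaves PV pages undrained and that the caller must call pmap_drain_pv() once the PTEs are unmapped, and check that every caller does. The dropped call sat in only one arm of the XENPV conditional, while the replacement in pmap_remove_all() appears unconditional in the context shown, so also confirm that a drain on the other path is harmless.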
Expand Down Expand Up @@ -3216,6 +3215,7 @@ pmap_remove_all(struct pmap *pmap)
pmap_free_ptp(pmap, ptps[i], va, ptes, pdes);
}
pmap_unmap_ptes(pmap, pmap2);
pmap_drain_pv(pmap);
pmap_tlb_shootdown(pmap, -1L, 0, TLBSHOOT_REMOVE_ALL);
mutex_exit(&pmap->pm_lock);
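Review bot: The placement of pmap_drain_pv(pmap) after pmap_unmap_ptes(pmap, pmap2) is the whole fix, but the ordering constraint is recorded only in the commit message. Put a short comment above the call explaining that PV pages must not be drained while the PTEs are still mapped, because a context switch can happen in that window, and carry the commit message's "XXX amd64 should use the direct map" into the code as an XXX comment so the follow-up is not lost. It would also help to state whether the drain is meant to precede pmap_tlb_shootdown() or whether that order is incidental.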
