The branch stable/13 has been updated by wulf: URL: https://cgit.FreeBSD.org/src/commit/?id=767e3ba2e63346953a5dacd0779013ca22f36170
commit 767e3ba2e63346953a5dacd0779013ca22f36170 Author: Vladimir Kondratyev <[email protected]> AuthorDate: 2021-09-29 20:14:05 +0000 Commit: Vladimir Kondratyev <[email protected]> CommitDate: 2021-10-13 09:02:49 +0000 LinuxKPI: Allow cdev_pager prefault handler to steal pages from other vm_objects. This workarounds "Page already inserted" panic in vm_page_insert routine triggered on attempt to mmap file created with shmem_file_setup call. After introduction of "GTT mmap interface v4" a.k.a. MMAP_OFFSET, vm_objects allocated by these calls may try to own intersected sets of pages that leads to the assertion. Reviewed by: kib Differential revision: https://reviews.freebsd.org/D32090 (cherry picked from commit 62ff0566c93056e00b3c9c3f8d2ac1e7d8e0c098) --- sys/compat/linuxkpi/common/src/linux_page.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/sys/compat/linuxkpi/common/src/linux_page.c b/sys/compat/linuxkpi/common/src/linux_page.c index cbe6d2530b91..c7191fef3429 100644 --- a/sys/compat/linuxkpi/common/src/linux_page.c +++ b/sys/compat/linuxkpi/common/src/linux_page.c @@ -281,6 +281,7 @@ lkpi_vmf_insert_pfn_prot_locked(struct vm_area_struct *vma, unsigned long addr, unsigned long pfn, pgprot_t prot) { vm_object_t vm_obj = vma->vm_obj; + vm_object_t tmp_obj; vm_page_t page; vm_pindex_t pindex; @@ -296,6 +297,32 @@ retry: page = PHYS_TO_VM_PAGE(IDX_TO_OFF(pfn)); if (!vm_page_busy_acquire(page, VM_ALLOC_WAITFAIL)) goto retry; + if (page->object != NULL) { + tmp_obj = page->object; + vm_page_xunbusy(page); + VM_OBJECT_WUNLOCK(vm_obj); + VM_OBJECT_WLOCK(tmp_obj); + if (page->object == tmp_obj && + vm_page_busy_acquire(page, VM_ALLOC_WAITFAIL)) { + KASSERT(page->object == tmp_obj, + ("page has changed identity")); + KASSERT((page->oflags & VPO_UNMANAGED) == 0, + ("page does not belong to shmem")); + vm_pager_page_unswapped(page); + if (pmap_page_is_mapped(page)) { + vm_page_xunbusy(page); + VM_OBJECT_WUNLOCK(tmp_obj); + printf("%s: page rename failed: page " + "is mapped\n", __func__); + VM_OBJECT_WLOCK(vm_obj); + return (VM_FAULT_NOPAGE); + } + vm_page_remove(page); + } + VM_OBJECT_WUNLOCK(tmp_obj); + VM_OBJECT_WLOCK(vm_obj); + goto retry; + } if (vm_page_insert(page, vm_obj, pindex)) { vm_page_xunbusy(page); return (VM_FAULT_OOM);
