Unwire the kcov buffer when freeing the info struct.

Without this the physical memory will not be returned to the kernel. While here call vm_object_reference on the object when mmapping the buffer. This removed the need for buggy tracking of if it has been mapped or not. This fixes issues where kcov could use all the system memory. Reported by: tuexen Reviewed by: kib Sponsored by: DARPA, AFTL Differential Revision: https://reviews.freebsd.org/D19252
2019-02-20 22:41:14 +00:00 · 2019-02-20 22:41:14 +00:00 · 2a20bb1f08
commit 2a20bb1f08
parent fc60fcc79e
1 changed files with 16 additions and 1 deletions
--- a/sys/kern/kern_kcov.c
+++ b/sys/kern/kern_kcov.c
@ -58,6 +58,7 @@ __FBSDID("$FreeBSD$");
 #include <vm/vm_object.h>
 #include <vm/vm_page.h>
 #include <vm/vm_pager.h>
+#include <vm/vm_param.h>

 MALLOC_DEFINE(M_KCOV_INFO, "kcovinfo", "KCOV info type");

@ -347,6 +348,7 @@ kcov_mmap_single(struct cdev *dev, vm_ooffset_t *offset, vm_size_t size,
 	    info->mmap != false)
 		return (EINVAL);

+	vm_object_reference(info->bufobj);
 	info->mmap = true;
 	*offset = 0;
 	*object = info->bufobj;
@ -393,13 +395,26 @@ kcov_alloc(struct kcov_info *info, size_t entries)
 static void
 kcov_free(struct kcov_info *info)
 {
+	vm_page_t m;
+	size_t i;

 	if (info->kvaddr != 0) {
 		pmap_qremove(info->kvaddr, info->bufsize / PAGE_SIZE);
 		kva_free(info->kvaddr, info->bufsize);
 	}
-	if (info->bufobj != NULL && !info->mmap)
+	if (info->bufobj != NULL) {
+		VM_OBJECT_WLOCK(info->bufobj);
+		m = vm_page_lookup(info->bufobj, 0);
+		for (i = 0; i < info->bufsize / PAGE_SIZE; i++) {
+			vm_page_lock(m);
+			vm_page_unwire_noq(m);
+			vm_page_unlock(m);
+
+			m = vm_page_next(m);
+		}
+		VM_OBJECT_WUNLOCK(info->bufobj);
 		vm_object_deallocate(info->bufobj);
+	}
 	free(info, M_KCOV_INFO);
 }