From 2a20bb1f0876cab6942a356a2d309057957f146a Mon Sep 17 00:00:00 2001 From: andrew Date: Wed, 20 Feb 2019 22:41:14 +0000 Subject: [PATCH] Unwire the kcov buffer when freeing the info struct. Without this the physical memory will not be returned to the kernel. While here call vm_object_reference on the object when mmapping the buffer. This removed the need for buggy tracking of if it has been mapped or not. This fixes issues where kcov could use all the system memory. Reported by: tuexen Reviewed by: kib Sponsored by: DARPA, AFTL Differential Revision: https://reviews.freebsd.org/D19252 --- sys/kern/kern_kcov.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/sys/kern/kern_kcov.c b/sys/kern/kern_kcov.c index 4b8d5dd326f6..d6ac2aea9227 100644 --- a/sys/kern/kern_kcov.c +++ b/sys/kern/kern_kcov.c @@ -58,6 +58,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include MALLOC_DEFINE(M_KCOV_INFO, "kcovinfo", "KCOV info type"); @@ -347,6 +348,7 @@ kcov_mmap_single(struct cdev *dev, vm_ooffset_t *offset, vm_size_t size, info->mmap != false) return (EINVAL); + vm_object_reference(info->bufobj); info->mmap = true; *offset = 0; *object = info->bufobj; @@ -393,13 +395,26 @@ kcov_alloc(struct kcov_info *info, size_t entries) static void kcov_free(struct kcov_info *info) { + vm_page_t m; + size_t i; if (info->kvaddr != 0) { pmap_qremove(info->kvaddr, info->bufsize / PAGE_SIZE); kva_free(info->kvaddr, info->bufsize); } - if (info->bufobj != NULL && !info->mmap) + if (info->bufobj != NULL) { + VM_OBJECT_WLOCK(info->bufobj); + m = vm_page_lookup(info->bufobj, 0); + for (i = 0; i < info->bufsize / PAGE_SIZE; i++) { + vm_page_lock(m); + vm_page_unwire_noq(m); + vm_page_unlock(m); + + m = vm_page_next(m); + } + VM_OBJECT_WUNLOCK(info->bufobj); vm_object_deallocate(info->bufobj); + } free(info, M_KCOV_INFO); }