Unwire the kcov buffer when freeing the info struct.

Without this the physical memory will not be returned to the kernel. While here call vm_object_reference on the object when mmapping the buffer. This removed the need for buggy tracking of if it has been mapped or not. This fixes issues where kcov could use all the system memory. Reported by: tuexen Reviewed by: kib Sponsored by: DARPA, AFTL Differential Revision: https://reviews.freebsd.org/D19252
svn path=/head/; revision=344391
2025-01-15 15:06:42 +00:00 · 2019-02-20 22:41:14 +00:00 · 2019-02-20 22:41:14 +00:00 · 01ffedf593 · 2020-12-20 02:59:44 +00:00
commit 01ffedf593
parent a759a0a001
1 changed files with 16 additions and 1 deletions
--- a/sys/kern/kern_kcov.c
+++ b/sys/kern/kern_kcov.c
@ -58,6 +58,7 @@ __FBSDID("$FreeBSD$");
 #include <vm/vm_object.h>
 #include <vm/vm_page.h>
 #include <vm/vm_pager.h>
+#include <vm/vm_param.h>

 MALLOC_DEFINE(M_KCOV_INFO, "kcovinfo", "KCOV info type");

@ -347,6 +348,7 @@ kcov_mmap_single(struct cdev *dev, vm_ooffset_t *offset, vm_size_t size,
 	    info->mmap != false)
 		return (EINVAL);

+	vm_object_reference(info->bufobj);
 	info->mmap = true;
 	*offset = 0;
 	*object = info->bufobj;
@ -393,13 +395,26 @@ kcov_alloc(struct kcov_info *info, size_t entries)
 static void
 kcov_free(struct kcov_info *info)
 {
+	vm_page_t m;
+	size_t i;

 	if (info->kvaddr != 0) {
 		pmap_qremove(info->kvaddr, info->bufsize / PAGE_SIZE);
 		kva_free(info->kvaddr, info->bufsize);
 	}
-	if (info->bufobj != NULL && !info->mmap)
+	if (info->bufobj != NULL) {
+		VM_OBJECT_WLOCK(info->bufobj);
+		m = vm_page_lookup(info->bufobj, 0);
+		for (i = 0; i < info->bufsize / PAGE_SIZE; i++) {
+			vm_page_lock(m);
+			vm_page_unwire_noq(m);
+			vm_page_unlock(m);
+
+			m = vm_page_next(m);
+		}
+		VM_OBJECT_WUNLOCK(info->bufobj);
 		vm_object_deallocate(info->bufobj);
+	}
 	free(info, M_KCOV_INFO);
 }