FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=main 2026-04-15T18:00:38Z 2026-04-15T18:00:38Z Mark Johnston markj@FreeBSD.org 2026-04-15T18:00:38Z urn:sha1:b6b0afefec4739923897d984448704ce34a21e6b John points out that this probably should have been removed in commit 472888018ce, which removed a special case where we'd set desired=0 if the target process has P_INMEM clear. It's not obvious to me that the desired=0 case can't arise by setting an RSS limit to 0, but I'm not sure why we'd try to go the extra mile in that case anyway. Reported by: jhb Reviewed by: kib MFC after: 2 weeks Fixes: 472888018ce1 ("proc: Remove kernel stack swapping support, part 6") Differential Revision: https://reviews.freebsd.org/D56140 2026-04-08T14:04:29Z Mark Johnston markj@FreeBSD.org 2026-04-08T04:21:09Z urn:sha1:04132e01004316ddd0e0cde6ef15b100b7b1844d - When allocating a page, we should only consider the PG_ZERO flag when handling the top-level page. - Unconditionally reset the flag when restarting the fault handler. Previously, vm_fault_busy_sleep() would fail to reset it. PR: 294039 Reviewed by: kib Tested by: Peter Much <pmc@citylink.dinoex.sub.org> MFC after: 3 days Fixes: cff67bc43df1 ("vm_fault: only rely on PG_ZERO when the page was newly allocated") Differential Revision: https://reviews.freebsd.org/D56234 2026-03-27T00:25:31Z Mark Johnston markj@FreeBSD.org 2026-03-27T00:25:31Z urn:sha1:f404109e90eee7f67ddaae3f52286d524a190fa0 The pmap layer requires writeable superpage mappings to be dirty. Otherwise, during demotion, we may miss a hw update of the PDE which sets the dirty bit. When creating a managed superpage mapping without promotion, i.e., with pmap_enter(psind == 1), we must therefore ensure that a writeable mapping is created with the dirty bit pre-set. To that end, vm_fault_soft_fast(), when handling a map entry with write permissions, checks whether all constituent pages are dirty, and if so, converts the fault to a write fault, so that pmap_enter() does the right thing. If one or more pages is not dirty, we simply create a 4K mapping. vm_fault_populate(), which may also create superpage mappings, did not do this, and thus could create mappings which violate the invariant described above. Modify it to instead check whether all constituent pages are already dirty, and if so, convert the fault to a write fault. Otherwise the mapping is downgraded to read-only. Reported by: ashafer Reviewed by: alc, kib MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D55536 2026-03-19T00:52:10Z Kirk McKusick mckusick@FreeBSD.org 2026-03-19T00:52:10Z urn:sha1:dad6e6fc1ea4b737e9f1661ebd30da5d551e3d4a Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D55888 MFC-after: 1 week Sponsored by: Netflix 2026-03-19T00:45:23Z Kirk McKusick mckusick@FreeBSD.org 2026-03-19T00:45:23Z urn:sha1:51446d33c6fbc27ce21f54ebb4c27caace48c3be Near the top of kern_mmap() that implements the mmap(2) system call, it sets prot = PROT_EXTRACT(prot); with So prot can only be the three PROT_ flags. The following test of the user's mmap(2) parameters (near line 275 in vm/vm_mmap.c): if (prot != PROT_NONE && (prot & ~(PROT_READ | PROT_WRITE | PROT_EXEC)) != 0) { return (EXTERROR(EINVAL, "invalid prot %#jx", prot)); } can never fail. This commit deletes it. No functional change intended. Reviewed by: kib MFC-after: 1 week Sponsored by: Netflix 2026-03-16T22:00:44Z isoux isa@isoux.org 2026-02-20T19:54:35Z urn:sha1:83d7a4966f08f34a699da649bd4f714b450df39b Include index values and object pointer in the diagnostic to improve debugging of pindex mismatches. No functional change. Signed-off-by: Isa Isoux <isa@isoux.org> Reviewed by: kib, pouria Pull Request: https://github.com/freebsd/freebsd-src/pull/2038 2026-02-19T10:29:02Z Olivier Certner olce@FreeBSD.org 2026-02-16T12:53:16Z urn:sha1:d18aaeff8fd314e79642062d95110ad174bd1882 No functional change (intended). MFC after: 2 weeks Sponsored by: The FreeBSD Foundation 2026-02-03T14:44:55Z Jean-Sébastien Pédron dumbbell@FreeBSD.org 2026-02-03T12:04:58Z urn:sha1:465ba08bb53796b24dceca0d2ccde5a0e2630a2b When trying to unregister a fictitious range in `vm_phys_fictitious_unreg_range()`, the function checks the properties of the looked up segment, but it does not check if a segment was found in the first place. This can happen with the amdgpu DRM driver which could call `vm_phys_fictitious_unreg_range()` without a fictitious range registered if the initialisation of the driver failed (for example because firmwares are unavailable). The code in the DRM driver was improved to avoid that, but `vm_phys_fictitious_unreg_range()` should still check the return value of `RB_FIND()` before trying to dereference the segment pointer and panic with a page fault. Reviewed by: emaste Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D55076 2026-01-19T16:20:36Z Konstantin Belousov kib@FreeBSD.org 2026-01-18T21:14:59Z urn:sha1:83d98828867591b5d842573ed6edcec7392f82df On amd64, a hack sets td_critnest to 1 in hammer_time(), and then clear it before returning from hammer_time(), which is too early. Instead, set TDP_NOFAULTING for thread0, and clear the flag after vm_init() finished. Noted by: adrian Reviewed by: adrian (previous version), markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54768 2026-01-17T03:33:24Z Konstantin Belousov kib@FreeBSD.org 2026-01-17T03:30:09Z urn:sha1:325baf00735756d024b903bfcee50b4f09e90129 Initialize pindex in swap_pager_getpages_locked() before the loop actually calculating it by skipping bogus pages. Compiler is worried that loop might never assign to it, which actually cannot happen. Sponsored by: The FreeBSD Foundation Fixes: d198ad51ea73bbb162336923a387f52b0b1c1f1d MFC after: 1 week