RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-24 21:27:44 +00:00
Code Issues Activity Actions

Kernel: Mark cloned volatile purgeable AnonymousVMOjects as purged

Browse source 
Our existing AnonymousVMObject cloning flow contains an optimization
wherein purgeable VMObjects which are marked volatile during the clone
are created as a new zero-filled VMObject (as if it was purged), which
lets us skip the expensive COW process.

Unfortunately, one crucial part was missing: Marking the cloned region
as purged, (which is the value returned from madvise when unmarking the
region as volatile) so the userland logic was left unaware of the
effective zero-ing of their memory region, resulting in odd behaviour
and crashes in places like our malloc's large allocation support.
This commit is contained in:
Idan Horowitz 2023-12-21 23:23:52 +02:00 committed by Andreas Kling
parent 1f88046bb2
commit f972eda7ed
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
Kernel/Memory/AnonymousVMObject.cpp
View file

@ -24,6 +24,7 @@ ErrorOr<NonnullLockRefPtr<VMObject>> AnonymousVMObject::try_clone()
// object, effectively "pre-purging" it in the child process. // object, effectively "pre-purging" it in the child process.
auto clone = TRY(try_create_purgeable_with_size(size(), AllocationStrategy::None)); auto clone = TRY(try_create_purgeable_with_size(size(), AllocationStrategy::None));
clone->m_volatile = true; clone->m_volatile = true;
clone->m_was_purged = true;
return clone; return clone;
} }