From f972eda7ed812deb77bcbe564bc8fc422b029399 Mon Sep 17 00:00:00 2001 From: Idan Horowitz Date: Thu, 21 Dec 2023 23:23:52 +0200 Subject: [PATCH] Kernel: Mark cloned volatile purgeable AnonymousVMOjects as purged Our existing AnonymousVMObject cloning flow contains an optimization wherein purgeable VMObjects which are marked volatile during the clone are created as a new zero-filled VMObject (as if it was purged), which lets us skip the expensive COW process. Unfortunately, one crucial part was missing: Marking the cloned region as purged, (which is the value returned from madvise when unmarking the region as volatile) so the userland logic was left unaware of the effective zero-ing of their memory region, resulting in odd behaviour and crashes in places like our malloc's large allocation support. --- Kernel/Memory/AnonymousVMObject.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/Kernel/Memory/AnonymousVMObject.cpp b/Kernel/Memory/AnonymousVMObject.cpp index a8aa1d0912b..7070d8ccafa 100644 --- a/Kernel/Memory/AnonymousVMObject.cpp +++ b/Kernel/Memory/AnonymousVMObject.cpp @@ -24,6 +24,7 @@ ErrorOr> AnonymousVMObject::try_clone() // object, effectively "pre-purging" it in the child process. auto clone = TRY(try_create_purgeable_with_size(size(), AllocationStrategy::None)); clone->m_volatile = true; + clone->m_was_purged = true; return clone; }