From e1bb9b8c6dc3e9cd9909351ae5b634908cfb833d Mon Sep 17 00:00:00 2001
From: mlarkin
Date: Mon, 6 Apr 2026 18:27:33 +0000
Subject: [PATCH] zero direct map pages before populating
Zero the DM PTE/PDE pages before use. Fixes a bug on machines with more than 512GB RAM; those pages might contain previous data/junk and panic during pmap_randomize. Tested on various amd64 laptops, an openbsd amd64 vmm VM and an EPYC server with 1TB RAM. Fix supplied by Chris Cunningham, thanks!
---
 sys/arch/amd64/amd64/pmap.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/sys/arch/amd64/amd64/pmap.c b/sys/arch/amd64/amd64/pmap.c
index 51fcf470d9e..44552332d90 100644
--- a/sys/arch/amd64/amd64/pmap.c
+++ b/sys/arch/amd64/amd64/pmap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmap.c,v 1.189 2026/03/09 13:24:13 deraadt Exp $ */
+/* $OpenBSD: pmap.c,v 1.190 2026/04/06 18:27:33 mlarkin Exp $ */
 /* $NetBSD: pmap.c,v 1.3 2003/05/08 18:13:13 thorpej Exp $ */
 /*
@@ -798,6 +798,7 @@ pmap_bootstrap(paddr_t first_avail, paddr_t max_pa)
 dmpdp = kpm->pm_pdir[PDIR_SLOT_DIRECT] & pg_frame;
 dmpd = first_avail; first_avail += ndmpdp * PAGE_SIZE;
+ memset((void *)PMAP_DIRECT_MAP(dmpd), 0, ndmpdp * PAGE_SIZE);
 for (i = NDML2_ENTRIES; i < NPDPG * ndmpdp; i++) {
 paddr_t pdp;
@@ -836,6 +837,7 @@ pmap_bootstrap(paddr_t first_avail, paddr_t max_pa)
 /* Next 512GB, new PML4e and L3(512GB) page */
 dmpd = first_avail; first_avail += PAGE_SIZE;
 pml3 = (pt_entry_t *)PMAP_DIRECT_MAP(dmpd);
+ memset(pml3, 0, PAGE_SIZE);
 kpm->pm_pdir[PDIR_SLOT_DIRECT + curslot] = dmpd | PG_KW | PG_V | PG_U | PG_M | pg_nx | pg_crypt;
@@ -857,6 +859,7 @@ pmap_bootstrap(paddr_t first_avail, paddr_t max_pa)
 for (i = 0; i < p; i++) {
 dmpd = first_avail; first_avail += PAGE_SIZE;
 pml2 = (pt_entry_t *)PMAP_DIRECT_MAP(dmpd);
+ memset(pml2, 0, PAGE_SIZE);
 pml3[i] = dmpd | PG_RW | PG_V | PG_U | PG_M | pg_nx | pg_crypt;
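Review bot: The carve-and-zero pair is now written out three times — a `first_avail` bump followed by a `memset`, here and again in the hunks at new lines 837 and 859 — and since the bug being fixed is a forgotten zero, the two steps are better owned by one helper. In this hunk the byte count `ndmpdp * PAGE_SIZE` also has to be spelled identically on two adjacent lines. A helper along the lines of the one below (the name is only a suggestion) makes it impossible to take a bootstrap page-table page without clearing it, and gives the reason a single place to be documented. pmap_bootstrap runs well beyond these hunks, so any other `first_avail` allocations that back page-table pages are not visible here and would need checking separately.

```c
/*
 * Carve npages off *avail and return their physical address, zeroed.
 * Bootstrap memory is not guaranteed clean, and a page-table page must
 * not start out with stale entries.
 */
static paddr_t
pmap_bootstrap_zalloc(paddr_t *avail, size_t npages)
{
	paddr_t pa = *avail;

	*avail += npages * PAGE_SIZE;
	memset((void *)PMAP_DIRECT_MAP(pa), 0, npages * PAGE_SIZE);
	return pa;
}

	/* ... unchanged: dmpdp lookup ... */
	dmpd = pmap_bootstrap_zalloc(&first_avail, ndmpdp);
	/* ... unchanged: direct map PDE loop ... */
```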
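Review bot: Nothing at the `memset(pml3, 0, PAGE_SIZE)` line says that it must stay ahead of the `kpm->pm_pdir[PDIR_SLOT_DIRECT + curslot] = dmpd | PG_KW | PG_V ...` store that follows it, and the same holds for `memset(pml2, 0, PAGE_SIZE)` before `pml3[i] = dmpd | PG_RW | PG_V ...` in the hunk at new line 859. Once the parent entry carries PG_V the new page is presumably reachable by a page walk, so any junk left in it would be read as mappings. The order in the patch is right, but a later tidy-up could swap the two lines without noticing. I would add a one-line comment above each memset, for example `/* zero before the parent entry is marked valid: stale bits would be walked as entries */`, since the reason for zeroing is otherwise recorded only in the commit message.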