vm_fault: Reset m_needs_zeroing properly

- When allocating a page, we should only consider the PG_ZERO flag when
  handling the top-level page.
- Unconditionally reset the flag when restarting the fault handler.
  Previously, vm_fault_busy_sleep() would fail to reset it.

Approved by:	so
Security:	FreeBSD-EN-26:05.vm
PR:		294039
Reviewed by:	kib
Tested by:	Peter Much <pmc@citylink.dinoex.sub.org>
MFC after:	3 days
Fixes:		cff67bc43df1 ("vm_fault: only rely on PG_ZERO when the page was newly allocated")
Differential Revision:	https://reviews.freebsd.org/D56234

(cherry picked from commit 04132e01004316ddd0e0cde6ef15b100b7b1844d)
(cherry picked from commit 9b7c0f4f81f06424899094d4381dede79669b623)

sys/vm/vm_fault.c

@@ -265,8 +265,6 @@ vm_fault_unlock_vp(struct faultstate *fs)
 static void
 vm_fault_deallocate(struct faultstate *fs)
 {
-
-	fs->m_needs_zeroing = true;
 	vm_fault_page_release(&fs->m_cow);
 	vm_fault_page_release(&fs->m);
 	vm_object_pip_wakeup(fs->object);
@@ -1288,7 +1286,8 @@ vm_fault_allocate(struct faultstate *fs)
 			vm_waitpfault(dset, vm_pfault_oom_wait * hz);
 		return (FAULT_RESTART);
 	}
-	fs->m_needs_zeroing = (fs->m->flags & PG_ZERO) == 0;
+	if (fs->object == fs->first_object)
+		fs->m_needs_zeroing = (fs->m->flags & PG_ZERO) == 0;
 	fs->oom_started = false;
 
 	return (FAULT_CONTINUE);
@@ -1556,7 +1555,6 @@ vm_fault(vm_map_t map, vm_offset_t vaddr, vm_prot_t fault_type,
 	fs.fault_flags = fault_flags;
 	fs.map = map;
 	fs.lookup_still_valid = false;
-	fs.m_needs_zeroing = true;
 	fs.oom_started = false;
 	fs.nera = -1;
 	fs.can_read_lock = true;
@@ -1565,6 +1563,7 @@ vm_fault(vm_map_t map, vm_offset_t vaddr, vm_prot_t fault_type,
 
 RetryFault:
 	fs.fault_type = fault_type;
+	fs.m_needs_zeroing = true;
 
 	/*
 	 * Find the backing store object and offset into it to begin the