PERFORCE change 134595 for review
Kip Macy
kmacy at FreeBSD.org
Fri Feb 1 10:16:12 PST 2008
http://perforce.freebsd.org/chv.cgi?CH=134595
Change 134595 by kmacy at kmacy:storage:toehead on 2008/02/01 18:15:23
fix bounds checks in vm_fault_hold_pages
Affected files ...
.. //depot/projects/toehead/sys/dev/cxgb/ulp/tom/cxgb_vm.c#3 edit
Differences ...
==== //depot/projects/toehead/sys/dev/cxgb/ulp/tom/cxgb_vm.c#3 (text+ko) ====
@@ -37,9 +37,9 @@
vm_fault_hold_user_pages(vm_offset_t addr, vm_page_t *mp, int count, int flags)
{
- vm_offset_t start, va;
+ vm_offset_t end, va;
vm_paddr_t pa;
- int pageslen, faults, rv;
+ int faults, rv;
struct thread *td;
vm_map_t map;
@@ -53,8 +53,8 @@
* and user do not share VA - however, it appears that all FreeBSD
* architectures define it
*/
- pageslen = count * PAGE_SIZE;
- if (addr + pageslen > VM_MAXUSER_ADDRESS)
+ end = addr + (count * PAGE_SIZE);
+ if (end > VM_MAXUSER_ADDRESS)
return (EFAULT);
TRACE_ENTER;
@@ -72,7 +72,7 @@
* if so just mark pages as held (and dirty if for write) and return
*/
vm_page_lock_queues();
- for (start = addr, pages = mp, faults = 0, va = addr; va < start + pageslen; va += PAGE_SIZE, pages++) {
+ for (pages = mp, faults = 0, va = addr; va < end; va += PAGE_SIZE, pages++) {
/*
* Assure that we only hold the page once
*/
@@ -106,7 +106,7 @@
* trigger a fault where neccessary
*
*/
- for (va = start; va < pageslen; va += PAGE_SIZE) {
+ for (va = addr; va < end; va += PAGE_SIZE) {
m = NULL;
pa = pmap_extract(pmap, va);
rv = 0;
@@ -124,10 +124,7 @@
error:
vm_page_lock_queues();
- for (pages = mp,
- va = start; va < start + pageslen;
- va += PAGE_SIZE,
- pages++)
+ for (pages = mp, va = addr; va < end; va += PAGE_SIZE, pages++)
if (*pages)
vm_page_unhold(*pages);
vm_page_unlock_queues();
More information about the p4-projects
mailing list