kern/67460: pmap_prefault_pageorder array initialization is broken

Uwe Doering gemini at geminix.org
Tue Jun 1 11:50:23 PDT 2004


>Number:         67460
>Category:       kern
>Synopsis:       pmap_prefault_pageorder array initialization is broken
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 01 11:50:22 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Uwe Doering
>Release:        FreeBSD 4.5-RELEASE i386
>Organization:
EscapeBox - Managed On-Demand UNIX Servers
>Environment:
System: FreeBSD geminix.org 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Thu May 27 11:49:01 GMT 2004 root at localhost:/STABLE_Enhanced_Edition i386

>Description:
There is a comma missing in the table initializing the
pmap_prefault_pageorder array.  This has two effects:

1. The resulting bogus contents of the array thwart part of the
optimization effect pmap_prefault() is supposed to have.

2. The resulting array is only 7 elements long (auto-sized), while
pmap_prefault() expects it to be the intended 8 elements.  So this
function in fact accesses memory beyond the end of the array.
Fortunately though, if the data at this location is out of bounds it
will be ignored.

This bug dates back more than 6 years.  It was introduced in
revision 1.178.  Please note that pmap.c for alpha is broken in the
same way.

>How-To-Repeat:
Look at what's actually in the array:

  gdb -k /kernel
  (kgdb) print (&pmap_prefault_pageorder)[0]
  (kgdb) print (&pmap_prefault_pageorder)[1]
    ...
  (kgdb) print (&pmap_prefault_pageorder)[7]
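The following is an added illustration, not part of the PR, of the two effects described above. It places the initializer as it appears before the fix beside the one from the patch and lets the compiler report how many elements each table actually got. PAGE_SIZE is defined here as a constructed stand-in (4096, the i386 value), and the expected element count is taken from the report's statement that pmap_prefault() assumes 8 entries; the constant name PAGEORDER_EXPECTED and the helper functions are this example's own, not the kernel's.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed stand-in for the kernel's PAGE_SIZE on i386. */
#define PAGE_SIZE 4096

/* Element count pmap_prefault() assumes, per the PR (name is ours, not the kernel's). */
#define PAGEORDER_EXPECTED 8

/* Initializer as it reads before the fix.  Without the comma after
 * "3 * PAGE_SIZE", the next line is parsed as a continuation of the same
 * expression: 3 * PAGE_SIZE - 4 * PAGE_SIZE == -PAGE_SIZE.  The compiler
 * therefore auto-sizes the array to 7 elements instead of 8. */
static int pageorder_broken[] = {
	-PAGE_SIZE, PAGE_SIZE,
	-2 * PAGE_SIZE, 2 * PAGE_SIZE,
	-3 * PAGE_SIZE, 3 * PAGE_SIZE
	-4 * PAGE_SIZE, 4 * PAGE_SIZE
};

/* Initializer with the comma restored, as in the PR's patch. */
static int pageorder_fixed[] = {
	-PAGE_SIZE, PAGE_SIZE,
	-2 * PAGE_SIZE, 2 * PAGE_SIZE,
	-3 * PAGE_SIZE, 3 * PAGE_SIZE,
	-4 * PAGE_SIZE, 4 * PAGE_SIZE
};

#define NELEM(a) (sizeof(a) / sizeof((a)[0]))

/* Number of elements the compiler actually allocated for each table. */
size_t broken_len(void) { return NELEM(pageorder_broken); }
size_t fixed_len(void)  { return NELEM(pageorder_fixed); }

/* Element i of each table; callers must keep i below the table length. */
int broken_at(size_t i) { return pageorder_broken[i]; }
int fixed_at(size_t i)  { return pageorder_fixed[i]; }

/* How many of the PAGEORDER_EXPECTED slots a caller that assumes the
 * intended length would read past the end of a table of length 'len'. */
size_t overread_slots(size_t len)
{
	return len < PAGEORDER_EXPECTED ? PAGEORDER_EXPECTED - len : 0;
}

int main(void)
{
	size_t i;

	printf("broken table: %zu elements, fixed table: %zu elements\n",
	    broken_len(), fixed_len());
	for (i = 0; i < broken_len(); i++)
		printf("  broken[%zu] = %6d   fixed[%zu] = %6d\n",
		    i, broken_at(i), i, fixed_at(i));
	printf("slots a caller expecting %d entries reads past the end: %zu\n",
	    PAGEORDER_EXPECTED, overread_slots(broken_len()));
	return 0;
}
```

Note that the broken table not only loses its eighth slot: element 5 becomes -PAGE_SIZE, a duplicate of element 0, which is the "bogus contents" part of the report. The arithmetic on the lengths is the same check one would want as a compile-time assertion next to the real table.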

>Fix:
Please consider the following patch:

--- pmap.c.diff begins here ---
--- src/sys/i386/i386/pmap.c.orig	Sun Jan 13 12:30:58 2002
+++ src/sys/i386/i386/pmap.c	Tue Jun  1 19:20:46 2004
@@ -2464,7 +2464,7 @@
 static int pmap_prefault_pageorder[] = {
 	-PAGE_SIZE, PAGE_SIZE,
 	-2 * PAGE_SIZE, 2 * PAGE_SIZE,
-	-3 * PAGE_SIZE, 3 * PAGE_SIZE
+	-3 * PAGE_SIZE, 3 * PAGE_SIZE,
 	-4 * PAGE_SIZE, 4 * PAGE_SIZE
 };
 
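Review bot: the one-character change (adding the comma after `3 * PAGE_SIZE`) is correct and restores the intended 8-element table, but the patch is incomplete against the report itself: the Description says pmap.c for alpha is broken in the same way, and this diff only touches src/sys/i386/i386/pmap.c, so a matching hunk for the alpha pmap.c should accompany it. Since the array is auto-sized, it would also be worth adding a compile-time check that `sizeof(pmap_prefault_pageorder) / sizeof(pmap_prefault_pageorder[0])` equals the count pmap_prefault() assumes, so a future edit to the initializer cannot silently reintroduce the out-of-bounds read.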
--- pmap.c.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: