svn commit: r295425 - head/sys/arm64/arm64
Wojciech Macek
wma at FreeBSD.org
Tue Feb 9 06:26:29 UTC 2016
Author: wma
Date: Tue Feb 9 06:26:27 2016
New Revision: 295425
URL: https://svnweb.freebsd.org/changeset/base/295425
Log:
Ignore invalid page descriptors in ARM64 pmap_mincore
Prevent the function from null-pointer-dereference when unexisting
mapping is being processed.
Obtained from: Semihalf
Sponsored by: Cavium
Approved by: cognet (mentor)
Reviewed by: zbb, cognet
Differential revision: https://reviews.freebsd.org/D5228
Modified:
head/sys/arm64/arm64/pmap.c
Modified: head/sys/arm64/arm64/pmap.c
==============================================================================
--- head/sys/arm64/arm64/pmap.c Tue Feb 9 03:35:40 2016 (r295424)
+++ head/sys/arm64/arm64/pmap.c Tue Feb 9 06:26:27 2016 (r295425)
@@ -3074,7 +3074,11 @@ retry:
l1p = pmap_l1(pmap, addr);
if (l1p == NULL) /* No l1 */
goto done;
+
l1 = pmap_load(l1p);
+ if ((l1 & ATTR_DESCR_MASK) == L1_INVAL)
+ goto done;
+
if ((l1 & ATTR_DESCR_MASK) == L1_BLOCK) {
pa = (l1 & ~ATTR_MASK) | (addr & L1_OFFSET);
managed = (l1 & ATTR_SW_MANAGED) == ATTR_SW_MANAGED;
@@ -3089,7 +3093,11 @@ retry:
l2p = pmap_l1_to_l2(l1p, addr);
if (l2p == NULL) /* No l2 */
goto done;
+
l2 = pmap_load(l2p);
+ if ((l2 & ATTR_DESCR_MASK) == L2_INVAL)
+ goto done;
+
if ((l2 & ATTR_DESCR_MASK) == L2_BLOCK) {
pa = (l2 & ~ATTR_MASK) | (addr & L2_OFFSET);
managed = (l2 & ATTR_SW_MANAGED) == ATTR_SW_MANAGED;
@@ -3104,7 +3112,11 @@ retry:
l3p = pmap_l2_to_l3(l2p, addr);
if (l3p == NULL) /* No l3 */
goto done;
+
l3 = pmap_load(l2p);
+ if ((l3 & ATTR_DESCR_MASK) == L3_INVAL)
+ goto done;
+
if ((l3 & ATTR_DESCR_MASK) == L3_PAGE) {
pa = (l3 & ~ATTR_MASK) | (addr & L3_OFFSET);
managed = (l3 & ATTR_SW_MANAGED) == ATTR_SW_MANAGED;
More information about the svn-src-head
mailing list