svn commit: r342736 - head/sys/riscv/riscv
Mark Johnston
markj at FreeBSD.org
Thu Jan 3 16:26:53 UTC 2019
Author: markj
Date: Thu Jan 3 16:26:52 2019
New Revision: 342736
URL: https://svnweb.freebsd.org/changeset/base/342736
Log:
Fix a use-after-free in the riscv pmap_release() implementation.
Don't bother zeroing the top-level page before freeing it. Previously,
the page was freed before being zeroed.
Reviewed by: jhb, kib
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D18720
Modified:
head/sys/riscv/riscv/pmap.c
Modified: head/sys/riscv/riscv/pmap.c
==============================================================================
--- head/sys/riscv/riscv/pmap.c Thu Jan 3 16:24:03 2019 (r342735)
+++ head/sys/riscv/riscv/pmap.c Thu Jan 3 16:26:52 2019 (r342736)
@@ -1297,17 +1297,13 @@ pmap_release(pmap_t pmap)
("pmap_release: pmap resident count %ld != 0",
pmap->pm_stats.resident_count));
- m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pmap->pm_l1));
- vm_page_unwire_noq(m);
- vm_page_free_zero(m);
-
- /* Remove pmap from the allpmaps list */
mtx_lock(&allpmaps_lock);
LIST_REMOVE(pmap, pm_list);
mtx_unlock(&allpmaps_lock);
- /* Remove kernel pagetables */
- bzero(pmap->pm_l1, PAGE_SIZE);
+ m = PHYS_TO_VM_PAGE(DMAP_TO_PHYS((vm_offset_t)pmap->pm_l1));
+ vm_page_unwire_noq(m);
+ vm_page_free(m);
}
#if 0
More information about the svn-src-head
mailing list