Date: Sat, 26 Jun 2021 04:04:01 GMT From: Alan Cox <alc@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 5dd84e315a9f - main - arm64: fix a potential KVA leak in pmap_demote_l1() Message-ID: <202106260404.15Q441e2042479@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by alc: URL: https://cgit.FreeBSD.org/src/commit/?id=5dd84e315a9f777772017f9f628aa67f08a6493a commit 5dd84e315a9f777772017f9f628aa67f08a6493a Author: Alan Cox <alc@FreeBSD.org> AuthorDate: 2021-06-26 03:29:38 +0000 Commit: Alan Cox <alc@FreeBSD.org> CommitDate: 2021-06-26 04:01:32 +0000 arm64: fix a potential KVA leak in pmap_demote_l1() In the unlikely event that the 1 GB page mapping being demoted is used to access the L1 page table page containing the 1 GB page mapping and the vm_page_alloc() to allocate a new L2 page table page fails, we would leak a page of kernel virtual address space. Fix this leak. MFC after: 1 week --- sys/arm64/arm64/pmap.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sys/arm64/arm64/pmap.c b/sys/arm64/arm64/pmap.c index a6f716370810..76ca8eab70ff 100644 --- a/sys/arm64/arm64/pmap.c +++ b/sys/arm64/arm64/pmap.c @@ -6010,7 +6010,8 @@ pmap_demote_l1(pmap_t pmap, pt_entry_t *l1, vm_offset_t va) VM_ALLOC_NOOBJ | VM_ALLOC_WIRED)) == NULL) { CTR2(KTR_PMAP, "pmap_demote_l1: failure for va %#lx" " in pmap %p", va, pmap); - return (NULL); + l2 = NULL; + goto fail; } l2phys = VM_PAGE_TO_PHYS(ml2); @@ -6039,6 +6040,7 @@ pmap_demote_l1(pmap_t pmap, pt_entry_t *l1, vm_offset_t va) pmap_update_entry(pmap, l1, l2phys | L1_TABLE, va, PAGE_SIZE); +fail: if (tmpl1 != 0) { pmap_kremove(tmpl1); kva_free(tmpl1, PAGE_SIZE);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202106260404.15Q441e2042479>