Date: Fri, 1 Aug 2025 23:39:09 -0700
From: Mark Millard <marklmi@yahoo.com>
To: "romain@freebsd.org" <romain@FreeBSD.org>, dev-commits-src-branches@freebsd.org, dev-commits-src-main@freebsd.org
Cc: Konstantin Belousov <kib@freebsd.org>, Mark Johnston <markj@FreeBSD.org>
Subject: RE: git: 8d4464377219 - stable/14 - vm_page: Fix loading bad memory addresses from file
Message-ID: <F18894D8-B4CF-4064-B52E-98FA6647C957@yahoo.com>
References: <F18894D8-B4CF-4064-B52E-98FA6647C957.ref@yahoo.com>
Romain Tartière <romain_at_FreeBSD.org> wrote on
Date: Sat, 02 Aug 2025 05:31:12 UTC :

> Romain Tartière <romain_at_FreeBSD.org>
> Date: Sat, 02 Aug 2025 05:31:12 UTC
> The branch stable/14 has been updated by romain:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=8d4464377219dcf45e87510b73767c9ec3515bc2
>
> commit 8d4464377219dcf45e87510b73767c9ec3515bc2
> Author: Romain Tartière <romain@FreeBSD.org>
> AuthorDate: 2025-07-25 18:31:57 +0000
> Commit: Romain Tartière <romain@FreeBSD.org>
> CommitDate: 2025-08-02 05:30:18 +0000
>
>     vm_page: Fix loading bad memory addresses from file
>
>     When loading bad memory addresses from a file, we are passed an end
>     pointer that points on the first byte after the buffer. We want the
>     buffer to be null-terminated (by changing the last byte to \0 if it is
>     reasonable to do so), so adjust the end pointer to be on that byte.
>
>     Approved by: kib, markj
>     MFC after: 1 week
>     Differential Revision: https://reviews.freebsd.org/D51433
>
>     (cherry picked from commit 202f8bde836dc86627be2b5b98174d9a0fb2eaba)
> ---
> sys/vm/vm_page.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/sys/vm/vm_page.c b/sys/vm/vm_page.c
> index ac922f4a3bc8..f013cbc84c25 100644
> --- a/sys/vm/vm_page.c
> +++ b/sys/vm/vm_page.c
> @@ -393,7 +393,7 @@ vm_page_blacklist_load(char **list, char **end) > } > *list =3D ptr; > if (ptr !=3D NULL) > - *end =3D ptr + len; > + *end =3D ptr + len - 1;

This looks wrong to me if/when len==0 is possible. It
looks possible, see below.

> else > *end =3D NULL; > return; > return;

More context, original code (from main):

. . .
	mod = preload_search_by_type("ram_blacklist");
	if (mod != NULL) {
		ptr = preload_fetch_addr(mod);
		len = preload_fetch_size(mod);
	}
	*list = ptr;
	if (ptr != NULL)
		*end = ptr + len;
	else
		*end = NULL;
	return;
. . .

But in /usr/src/sys/kern/subr_module.c :

size_t
preload_fetch_size(caddr_t mod)
{
	size_t *mdp;

	mdp = (size_t *)preload_search_info(mod, MODINFO_SIZE);
	if (mdp == NULL)
		return (0);
	return (*mdp);
}

Note the "return (0);" (possibly *mdp==0 as well when
mdp!=0 ?). Then, for that return, showing the substitution:

+ *end = ptr + 0 - 1;

Simplifying for the specific case:

+ *end = ptr - 1;

That looks likely to be wrong to me.

===
Mark Millard
marklmi at yahoo.com
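Review bot: the added line "*end = ptr + len - 1;" in vm_page_blacklist_load() subtracts 1 without checking len, and preload_fetch_size() as quoted in this message returns 0 when the MODINFO_SIZE lookup fails, so with a non-NULL ptr the result can be ptr - 1, one byte before the start of the buffer. If the caller then writes \0 at *end, as the commit message describes, that write lands outside the buffer. Suggest treating ptr != NULL with len == 0 as an empty list (for example by setting *list and *end to NULL) before applying the "- 1" adjustment, and, if the loader is meant to guarantee len > 0, stating that assumption in a comment next to the adjustment.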
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F18894D8-B4CF-4064-B52E-98FA6647C957>