Date: Tue, 29 Apr 2014 18:42:37 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r265100 - head/sys/vm Message-ID: <201404291842.s3TIgbSF079228@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kib Date: Tue Apr 29 18:42:37 2014 New Revision: 265100 URL: http://svnweb.freebsd.org/changeset/base/265100 Log: For the VM_PHYSSEG_DENSE case, checking the requested range to fall into the area backed by vm_page_array wrongly compared end with vm_page_array_size. It should be adjusted by first_page index to be correct. Also, the corner and incorrect case of the requested range extending after the end of the vm_page_array was incorrectly handled by allocating the segment. Fix the comparision for the end of range and return EINVAL if the end extends beyond vm_page_array. Discussed with: royger Sponsored by: The FreeBSD Foundation MFC after: 1 week Modified: head/sys/vm/vm_phys.c Modified: head/sys/vm/vm_phys.c ============================================================================== --- head/sys/vm/vm_phys.c Tue Apr 29 17:48:57 2014 (r265099) +++ head/sys/vm/vm_phys.c Tue Apr 29 18:42:37 2014 (r265100) @@ -551,7 +551,9 @@ vm_phys_fictitious_reg_range(vm_paddr_t #ifdef VM_PHYSSEG_DENSE pi = atop(start); - if (pi >= first_page && atop(end) < vm_page_array_size) { + if (pi >= first_page && pi < vm_page_array_size + first_page) { + if (atop(end) >= vm_page_array_size + first_page) + return (EINVAL); fp = &vm_page_array[pi - first_page]; malloced = FALSE; } else
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201404291842.s3TIgbSF079228>