Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 9 Feb 2016 06:26:27 +0000 (UTC)
From:      Wojciech Macek <wma@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r295425 - head/sys/arm64/arm64
Message-ID:  <201602090626.u196QRbr002999@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: wma
Date: Tue Feb  9 06:26:27 2016
New Revision: 295425
URL: https://svnweb.freebsd.org/changeset/base/295425

Log:
  Ignore invalid page descriptors in ARM64 pmap_mincore
  
      Prevent the function from null-pointer-dereference when unexisting
      mapping is being processed.
  
  Obtained from:         Semihalf
  Sponsored by:          Cavium
  Approved by:           cognet (mentor)
  Reviewed by:           zbb, cognet
  Differential revision: https://reviews.freebsd.org/D5228

Modified:
  head/sys/arm64/arm64/pmap.c

Modified: head/sys/arm64/arm64/pmap.c
==============================================================================
--- head/sys/arm64/arm64/pmap.c	Tue Feb  9 03:35:40 2016	(r295424)
+++ head/sys/arm64/arm64/pmap.c	Tue Feb  9 06:26:27 2016	(r295425)
@@ -3074,7 +3074,11 @@ retry:
 	l1p = pmap_l1(pmap, addr);
 	if (l1p == NULL) /* No l1 */
 		goto done;
+
 	l1 = pmap_load(l1p);
+	if ((l1 & ATTR_DESCR_MASK) == L1_INVAL)
+		goto done;
+
 	if ((l1 & ATTR_DESCR_MASK) == L1_BLOCK) {
 		pa = (l1 & ~ATTR_MASK) | (addr & L1_OFFSET);
 		managed = (l1 & ATTR_SW_MANAGED) == ATTR_SW_MANAGED;
@@ -3089,7 +3093,11 @@ retry:
 	l2p = pmap_l1_to_l2(l1p, addr);
 	if (l2p == NULL) /* No l2 */
 		goto done;
+
 	l2 = pmap_load(l2p);
+	if ((l2 & ATTR_DESCR_MASK) == L2_INVAL)
+		goto done;
+
 	if ((l2 & ATTR_DESCR_MASK) == L2_BLOCK) {
 		pa = (l2 & ~ATTR_MASK) | (addr & L2_OFFSET);
 		managed = (l2 & ATTR_SW_MANAGED) == ATTR_SW_MANAGED;
@@ -3104,7 +3112,11 @@ retry:
 	l3p = pmap_l2_to_l3(l2p, addr);
 	if (l3p == NULL) /* No l3 */
 		goto done;
+
 	l3 = pmap_load(l2p);
+	if ((l3 & ATTR_DESCR_MASK) == L3_INVAL)
+		goto done;
+
 	if ((l3 & ATTR_DESCR_MASK) == L3_PAGE) {
 		pa = (l3 & ~ATTR_MASK) | (addr & L3_OFFSET);
 		managed = (l3 & ATTR_SW_MANAGED) == ATTR_SW_MANAGED;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201602090626.u196QRbr002999>