Date: Tue, 20 Dec 2011 20:29:46 +0000 (UTC) From: Alan Cox <alc@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r228747 - head/sys/i386/xen Message-ID: <201112202029.pBKKTkkJ033679@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: alc Date: Tue Dec 20 20:29:45 2011 New Revision: 228747 URL: http://svn.freebsd.org/changeset/base/228747 Log: The size passed to kmem functions should be in terms of bytes and not pages. Avoid an out-of-bounds array access. Reviewed by: cperciva Modified: head/sys/i386/xen/mp_machdep.c Modified: head/sys/i386/xen/mp_machdep.c ============================================================================== --- head/sys/i386/xen/mp_machdep.c Tue Dec 20 20:16:12 2011 (r228746) +++ head/sys/i386/xen/mp_machdep.c Tue Dec 20 20:29:45 2011 (r228747) @@ -810,7 +810,7 @@ cpu_initialize_context(unsigned int cpu) { /* vcpu_guest_context_t is too large to allocate on the stack. * Hence we allocate statically and protect it with a lock */ - vm_page_t m[4]; + vm_page_t m[NPGPTD + 2]; static vcpu_guest_context_t ctxt; vm_offset_t boot_stack; vm_offset_t newPTD; @@ -831,8 +831,8 @@ cpu_initialize_context(unsigned int cpu) pmap_zero_page(m[i]); } - boot_stack = kmem_alloc_nofault(kernel_map, 1); - newPTD = kmem_alloc_nofault(kernel_map, NPGPTD); + boot_stack = kmem_alloc_nofault(kernel_map, PAGE_SIZE); + newPTD = kmem_alloc_nofault(kernel_map, NPGPTD * PAGE_SIZE); ma[0] = VM_PAGE_TO_MACH(m[0])|PG_V; #ifdef PAE @@ -854,7 +854,7 @@ cpu_initialize_context(unsigned int cpu) nkpt*sizeof(vm_paddr_t)); pmap_qremove(newPTD, 4); - kmem_free(kernel_map, newPTD, 4); + kmem_free(kernel_map, newPTD, 4 * PAGE_SIZE); /* * map actual idle stack to boot_stack */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201112202029.pBKKTkkJ033679>