Date:      Wed, 27 May 2020 21:41:01 -0500
From:      Justin Hibbits <chmeeedalf@gmail.com>
To:        Brandon Bergren <bdragon@FreeBSD.org>
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r361568 - head/sys/powerpc/aim
Message-ID:  <20200527214101.59293529@titan.knownspace>
In-Reply-To: <202005280049.04S0n3jS096937@repo.freebsd.org>
References:  <202005280049.04S0n3jS096937@repo.freebsd.org>

On Thu, 28 May 2020 00:49:03 +0000 (UTC)
Brandon Bergren <bdragon@FreeBSD.org> wrote:

> Author: bdragon
> Date: Thu May 28 00:49:02 2020
> New Revision: 361568
> URL: https://svnweb.freebsd.org/changeset/base/361568
> 
> Log:
>   [PowerPC] Fix radix crash when passing -1 from userspace
>   
>   Found by running libc tests with radix enabled.
>   
>   Detect unsigned integer wrapping with a postcondition.
>   
>   Note: Radix MMU is not enabled by default yet.
>   
>   Sponsored by:	Tag1 Consulting, Inc.
> 
> Modified:
>   head/sys/powerpc/aim/mmu_radix.c
> 
> Modified: head/sys/powerpc/aim/mmu_radix.c
> ==============================================================================
> --- head/sys/powerpc/aim/mmu_radix.c	Wed May 27 23:20:35
> 2020	(r361567) +++ head/sys/powerpc/aim/mmu_radix.c	Thu
> May 28 00:49:02 2020	(r361568) @@ -6000,7 +6000,8 @@
> mmu_radix_kremove(vm_offset_t va) int mmu_radix_map_user_ptr(pmap_t
> pm, volatile const void *uaddr, void **kaddr, size_t ulen, size_t
> *klen) {
> -	if ((uintptr_t)uaddr + ulen >= VM_MAXUSER_ADDRESS)
> +	if ((uintptr_t)uaddr + ulen >= VM_MAXUSER_ADDRESS ||
> +	    (uintptr_t)uaddr + ulen < (uintptr_t)uaddr)
>  		return (EFAULT);
>  
>  	*kaddr = (void *)(uintptr_t)uaddr;
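
Review bot: The wrap test on the second added line, `(uintptr_t)uaddr + ulen < (uintptr_t)uaddr`, has to rescue a first clause that compares an already wrapped sum against VM_MAXUSER_ADDRESS, so the condition evaluates the same possibly overflowing expression twice and its correctness depends on the clauses being read together. Consider a form that cannot wrap at all, for example rejecting when `(uintptr_t)uaddr >= VM_MAXUSER_ADDRESS` or when `ulen >= VM_MAXUSER_ADDRESS - (uintptr_t)uaddr`, which accepts and rejects the same ranges without relying on a postcondition. A one-line comment stating that both operands come from userspace and that the sum can wrap would also help, since that is only recorded in the log message and not in the code.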

Wouldn't

    if ((uintptr_t)uaddr >= VM_MAXUSER_ADDRESS ||
        (uintptr_t)uaddr + ulen >= VM_MAXUSER_ADDRESS)

be more appropriate?

- Justin