Date: Thu, 2 May 2002 10:20:19 -0700 (PDT) From: "Dorr H. Clark" <dclark@applmath.scu.edu> To: freebsd-bugs@FreeBSD.ORG Cc: Matthew Dillon <dillon@apollo.backplane.com> Subject: Re: kern/36504: crash/panic vm_object_allocate under file system code w/fix Message-ID: <Pine.GHP.4.21.0205021018001.26625-100000@hpux27.dc.engr.scu.edu> In-Reply-To: <Pine.GHP.4.21.0204171024110.1958-100000@hpux38.dc.engr.scu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 2 Apr 2002, Matt Dillon wrote:
> > Second problem: vm_object_allocate() assumes that
> > the zalloc() will succeed.
An audit of other references to vm_object_allocate()
reveals that about half are null tolerant and half are not.
This set of changes cleans up most of the other unprotected
references.
-dhc
--- /usr/src/sys/vm/device_pager.c Wed Aug 2 14:54:37 2000
+++ device_pager.c Tue Apr 30 12:44:59 2002
@@ -147,9 +147,11 @@
*/
object = vm_object_allocate(OBJT_DEVICE,
OFF_TO_IDX(foff + size));
- object->handle = handle;
- TAILQ_INIT(&object->un_pager.devp.devp_pglist);
- TAILQ_INSERT_TAIL(&dev_pager_object_list, object,
pager_object_list);
+ if (object) {
+ object->handle = handle;
+ TAILQ_INIT(&object->un_pager.devp.devp_pglist);
+ TAILQ_INSERT_TAIL(&dev_pager_object_list,
object,
pager_object_list);
+ }
} else {
/*
* Gain a reference to the object.
--- /usr/src/sys/vm/phys_pager.c Sat Dec 16 18:05:41 2000
+++ phys_pager.c Tue Apr 30 12:44:59 2002
@@ -85,9 +85,11 @@
*/
object = vm_object_allocate(OBJT_PHYS,
OFF_TO_IDX(foff + size));
- object->handle = handle;
- TAILQ_INSERT_TAIL(&phys_pager_object_list,
object,
- pager_object_list);
+ if (object) {
+ object->handle = handle;
+
TAILQ_INSERT_TAIL(&phys_pager_object_list,
+ object, pager_object_list);
+ }
} else {
/*
* Gain a reference to the object.
--- /usr/src/sys/vm/swap_pager.c Fri Aug 24 15:54:33 2001
+++ swap_pager.c Tue Apr 30 13:13:23 2002
@@ -377,9 +409,10 @@
} else {
object = vm_object_allocate(OBJT_DEFAULT,
OFF_TO_IDX(offset + PAGE_MASK + size));
- object->handle = handle;
-
- swp_pager_meta_build(object, 0, SWAPBLK_NONE);
+ if (object) {
+ object->handle = handle;
+ swp_pager_meta_build(object, 0,
SWAPBLK_NONE);
+ }
}
if (sw_alloc_interlock < 0)
@@ -389,8 +422,7 @@
} else {
object = vm_object_allocate(OBJT_DEFAULT,
OFF_TO_IDX(offset + PAGE_MASK + size));
-
- swp_pager_meta_build(object, 0, SWAPBLK_NONE);
+ if (object) swp_pager_meta_build(object, 0,
SWAPBLK_NONE);
}
return (object);
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GHP.4.21.0205021018001.26625-100000>