Date: Thu, 2 May 2002 10:20:19 -0700 (PDT)
From: "Dorr H. Clark"
To: freebsd-bugs@FreeBSD.ORG
Cc: Matthew Dillon
Subject: Re: kern/36504: crash/panic vm_object_allocate under file system code w/fix

On Tue, 2 Apr 2002, Matt Dillon wrote:

> > Second problem: vm_object_allocate() assumes that
> > the zalloc() will succeed.

An audit of other references to vm_object_allocate() reveals that about half are null tolerant and half are not. This set of changes cleans up most of the other unprotected references.

-dhc

--- /usr/src/sys/vm/device_pager.c Wed Aug 2 14:54:37 2000 +++ device_pager.c Tue Apr 30 12:44:59 2002 @@ -147,9 +147,11 @@ */ object = vm_object_allocate(OBJT_DEVICE, OFF_TO_IDX(foff + size)); - object->handle = handle; - TAILQ_INIT(&object->un_pager.devp.devp_pglist); - TAILQ_INSERT_TAIL(&dev_pager_object_list, object, pager_object_list); + if (object) { + object->handle = handle; + TAILQ_INIT(&object->un_pager.devp.devp_pglist); + TAILQ_INSERT_TAIL(&dev_pager_object_list, object, pager_object_list); + } } else { /* * Gain a reference to the object. --- /usr/src/sys/vm/phys_pager.c Sat Dec 16 18:05:41 2000 +++ phys_pager.c Tue Apr 30 12:44:59 2002 
@@ -85,9 +85,11 @@ */ object = vm_object_allocate(OBJT_PHYS, OFF_TO_IDX(foff + size)); - object->handle = handle; - TAILQ_INSERT_TAIL(&phys_pager_object_list, object, - pager_object_list); + if (object) { + object->handle = handle; + TAILQ_INSERT_TAIL(&phys_pager_object_list, + object, pager_object_list); + } } else { /* * Gain a reference to the object. --- /usr/src/sys/vm/swap_pager.c Fri Aug 24 15:54:33 2001 +++ swap_pager.c Tue Apr 30 13:13:23 2002 @@ -377,9 +409,10 @@ } else { object = vm_object_allocate(OBJT_DEFAULT, OFF_TO_IDX(offset + PAGE_MASK + size)); - object->handle = handle; - - swp_pager_meta_build(object, 0, SWAPBLK_NONE); + if (object) { + object->handle = handle; + swp_pager_meta_build(object, 0, SWAPBLK_NONE); + } } if (sw_alloc_interlock < 0) @@ -389,8 +422,7 @@ } else { object = vm_object_allocate(OBJT_DEFAULT, OFF_TO_IDX(offset + PAGE_MASK + size)); - - swp_pager_meta_build(object, 0, SWAPBLK_NONE); + if (object) swp_pager_meta_build(object, 0, SWAPBLK_NONE); } return (object);
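
Review bot: In the device_pager.c hunk (@@ -147,9 +147,11 @@) the new `if (object) {` guard removes the NULL dereference but has no failure branch, so a NULL object simply falls out of the if/else and continues down the same path as a successful allocation. Nothing in the visible lines shows that the code after this block, or the callers of this pager's alloc routine, tolerate NULL; please confirm that or add an explicit error path, otherwise the crash only moves one frame up. As a style point, style(9) asks for pointers to be tested explicitly, i.e. `if (object != NULL) {`.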
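
Review bot: In the phys_pager.c hunk (@@ -85,9 +85,11 @@) the guard has the same gap as the device pager one: when `vm_object_allocate(OBJT_PHYS, ...)` fails the object is never put on `phys_pager_object_list`, but the hunk gives no indication of how the failure is reported to the caller. A short comment at the guard saying that NULL is returned and that callers must check it would document the new contract. The test should also read `if (object != NULL) {` per style(9).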
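
Review bot: The first swap_pager.c hunk header reads `@@ -377,9 +409,10 @@`, a 32-line offset between old and new file even though this is the first hunk shown for the file, so the submitter's swap_pager.c carries other local changes that are not part of this patch. Please regenerate the diff against an unmodified tree (and with matching `---`/`+++` paths) so the hunk applies cleanly and reviewers can see everything that changed. Within the hunk, the trailing context `if (sw_alloc_interlock < 0)` still runs when object is NULL, which looks right for releasing the interlock, but that is worth stating in a comment.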
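
Review bot: In the last swap_pager.c hunk (@@ -389,8 +422,7 @@) the added line `+ if (object) swp_pager_meta_build(object, 0, SWAPBLK_NONE);` puts the statement on the same line as the test, which is inconsistent with the braced form used in the previous hunk and with style(9); put the call on its own line and test `object != NULL`. The context line `return (object);` shows that this function now returns NULL on allocation failure, so its callers belong in the same audit the message describes as covering "most of" the unprotected references.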