Date:      Fri, 1 Feb 2008 18:16:11 GMT
From:      Kip Macy <kmacy@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 134595 for review
Message-ID:  <200802011816.m11IGBPB077792@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=134595

Change 134595 by kmacy@kmacy:storage:toehead on 2008/02/01 18:15:23

	fix bounds checks in vm_fault_hold_pages

Affected files ...

.. //depot/projects/toehead/sys/dev/cxgb/ulp/tom/cxgb_vm.c#3 edit

Differences ...

==== //depot/projects/toehead/sys/dev/cxgb/ulp/tom/cxgb_vm.c#3 (text+ko) ====

@@ -37,9 +37,9 @@
 vm_fault_hold_user_pages(vm_offset_t addr, vm_page_t *mp, int count, int flags)
 {
 
-	vm_offset_t start, va;
+	vm_offset_t end, va;
 	vm_paddr_t pa;
-	int pageslen, faults, rv;
+	int faults, rv;
 
 	struct thread *td;
 	vm_map_t map;
@@ -53,8 +53,8 @@
 	 * and user do not share VA - however, it appears that all FreeBSD
 	 * architectures define it
 	 */
-	pageslen = count * PAGE_SIZE;
-	if (addr + pageslen > VM_MAXUSER_ADDRESS)
+	end = addr + (count * PAGE_SIZE);
+	if (end > VM_MAXUSER_ADDRESS)
 		return (EFAULT);
 
 	TRACE_ENTER;
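Review bot: The new `end > VM_MAXUSER_ADDRESS` test still misses wraparound in `end = addr + (count * PAGE_SIZE)`. `count` is a signed int in the function signature, so a negative or very large value can make the product or the sum wrap, leaving `end` below `addr` and below VM_MAXUSER_ADDRESS; the check then passes for a range that was never validated, and the loops keyed on `va < end` do nothing. Suggest rejecting a negative count and testing `end < addr` in the same condition, e.g. `if (count < 0 || end < addr || end > VM_MAXUSER_ADDRESS)`.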
@@ -72,7 +72,7 @@
 	 * if so just mark pages as held (and dirty if for write) and return
 	 */
 	vm_page_lock_queues();
-	for (start = addr, pages = mp, faults = 0, va = addr; va < start + pageslen; va += PAGE_SIZE, pages++) {
+	for (pages = mp, faults = 0, va = addr; va < end; va += PAGE_SIZE, pages++) {
 		/*
 		 * Assure that we only hold the page once
 		 */
@@ -106,7 +106,7 @@
 	 * trigger a fault where neccessary
 	 * 
 	 */
-	for (va = start; va < pageslen; va += PAGE_SIZE) {
+	for (va = addr; va < end; va += PAGE_SIZE) {
 		m = NULL;
 		pa = pmap_extract(pmap, va);
 		rv = 0;
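Review bot: The condition change on this fault-in loop is a behaviour change that the description "fix bounds checks" does not spell out. The old test `va < pageslen` compared an address against a byte length, so for any `addr` at or above `count * PAGE_SIZE` the loop body never ran; with `va < end` it runs for the whole range. Please say so in the change description and confirm the fault path has been exercised, since it was effectively skipped before. Also note that, unlike the other two loops, this header does not advance `pages`; if the body (not visible here) stores into the `mp` array, confirm it indexes the array by another means.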
@@ -124,10 +124,7 @@
 
 error:	
 	vm_page_lock_queues();
-	for (pages = mp,
-		 va = start; va < start + pageslen;
-	     va += PAGE_SIZE,
-		 pages++) 
+	for (pages = mp, va = addr; va < end; va += PAGE_SIZE, pages++)
 		if (*pages)
 			vm_page_unhold(*pages);
 	vm_page_unlock_queues();
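Review bot: The cleanup loop under `error:` unholds every non-NULL entry across all `count` slots of `mp`, but nothing in the visible lines shows those slots being cleared before they are filled. If the function can reach `error:` after filling only part of the array, any stale non-NULL pointer the caller left in the remaining slots would be passed to `vm_page_unhold()`. Either zero the array on entry or document that the caller must pass a zeroed `mp`. Minor style point: the `for` body is an unbraced `if`; braces around the loop body would make later edits safer.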


