Date: Fri, 24 Feb 2017 08:09:16 +0000 (UTC)
From: Konstantin Belousov <kib@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r314195 - head/sys/vm
Message-ID: <201702240809.v1O89G3w035400@repo.freebsd.org>
Author: kib
Date: Fri Feb 24 08:09:16 2017
New Revision: 314195
URL: https://svnweb.freebsd.org/changeset/base/314195

Log:
  Properly handle possible underflow in vm_fault_prefault().

  In vm_fault_prefault(), if backward count causes underflow in
  calculation of
    starta = addra - backward * PAGE_SIZE;
  then starta must be clipped to entry->start, instead of zero.
  Clipping to zero allowed mapping outside of the map entries address
  ranges, in particular, map at zero.

  Submitted by: Yanko Yankulov <yanko.yankulov@gmail.com>
  Reviewed by: alc
  MFC after: 1 week

Modified:
  head/sys/vm/vm_fault.c

Modified: head/sys/vm/vm_fault.c
============================================================================== --- head/sys/vm/vm_fault.c Fri Feb 24 07:53:56 2017 (r314194) +++ head/sys/vm/vm_fault.c Fri Feb 24 08:09:16 2017 (r314195) @@ -1368,11 +1368,12 @@ vm_fault_prefault(const struct faultstat entry = fs->entry; - starta = addra - backward * PAGE_SIZE; - if (starta < entry->start) { + if (addra < backward * PAGE_SIZE) { starta = entry->start; - } else if (starta > addra) { - starta = 0; + } else { + starta = addra - backward * PAGE_SIZE; + if (starta < entry->start) + starta = entry->start; } /*
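
Review bot: the new guard `if (addra < backward * PAGE_SIZE)` only catches the subtraction wrapping, and it still depends on the product `backward * PAGE_SIZE` not wrapping on its own; the hunk shows neither the type of `backward` nor any bound on it. If the callers already cap `backward` to a small page count, an assertion or a short comment above the guard stating that bound would make the invariant checkable here. The added branch also carries no comment explaining why the clip target is `entry->start` rather than zero; the log message says clipping to zero allowed mappings outside the map entry's address range, and one line to that effect beside `starta = entry->start;` would keep the reasoning with the code. As a style point, both branches end by clamping to `entry->start`, so the `else` body could compute `starta` and the clamp could be expressed once, but the explicit form is easier to audit for the underflow case.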