Date:      Tue, 01 Jun 2004 20:47:16 +0200
From:      Uwe Doering <gemini@geminix.org>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   kern/67460: pmap_prefault_pageorder array initialization is broken
Message-ID:  <E1BVEI8-0009i8-00@geminix.org>
Resent-Message-ID: <200406011850.i51IoNNZ088759@freefall.freebsd.org>


>Number:         67460
>Category:       kern
>Synopsis:       pmap_prefault_pageorder array initialization is broken
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 01 11:50:22 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Uwe Doering
>Release:        FreeBSD 4.5-RELEASE i386
>Organization:
EscapeBox - Managed On-Demand UNIX Servers
>Environment:
System: FreeBSD geminix.org 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Thu May 27 11:49:01 GMT 2004 root@localhost:/STABLE_Enhanced_Edition i386

>Description:
There is a comma missing in the table initializing the
pmap_prefault_pageorder array.  This has two effects:

1. The bogus contents of the resulting array thwart part of the
optimization effect pmap_prefault() is supposed to have.

2. The resulting array is only 7 elements long (it is auto-sized from
the initializer), while pmap_prefault() expects the intended 8 elements.
So this function in fact reads memory beyond the end of the array.
Fortunately though, if the value found at this location is out of
bounds it will be ignored.

This bug dates back more than 6 years; it was introduced in
revision 1.178.  Please note that pmap.c for alpha is broken in the
same way.
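The following is an added illustration, not code from this PR or from FreeBSD's pmap.c. It reproduces the initializer slip described above with a constructed copy of the table (PAGE_SIZE is assumed to be 4096 here): without the comma, the tokens `3 * PAGE_SIZE -4 * PAGE_SIZE` form a single expression, so the table silently shrinks to 7 entries and its sixth entry becomes -PAGE_SIZE. It also shows the compile-time size check a maintainer can place next to such a table so that a repeat of this slip fails to build instead of producing an out-of-bounds read.

```c
/* Added example (not part of the PR or of FreeBSD's pmap.c): what a
 * missing comma does to an auto-sized C initializer. PAGE_SIZE = 4096
 * is an assumption made for illustration only. */
#include <stddef.h>

#define PAGE_SIZE 4096

/* Constructed copy of the table as it looked before the fix. The comma
 * after "3 * PAGE_SIZE" is missing, so "3 * PAGE_SIZE -4 * PAGE_SIZE"
 * is parsed as one expression: 3*4096 - 4*4096 == -4096.
 * Result: 7 entries, with -PAGE_SIZE appearing twice. */
static const int broken_pageorder[] = {
    -PAGE_SIZE, PAGE_SIZE,
    -2 * PAGE_SIZE, 2 * PAGE_SIZE,
    -3 * PAGE_SIZE, 3 * PAGE_SIZE
    -4 * PAGE_SIZE, 4 * PAGE_SIZE
};

/* The same table as the patch leaves it: 8 entries, +-1..4 pages. */
static const int fixed_pageorder[] = {
    -PAGE_SIZE, PAGE_SIZE,
    -2 * PAGE_SIZE, 2 * PAGE_SIZE,
    -3 * PAGE_SIZE, 3 * PAGE_SIZE,
    -4 * PAGE_SIZE, 4 * PAGE_SIZE
};

#define NELEM(a) (sizeof(a) / sizeof((a)[0]))

/* Defensive check: pin the entry count at compile time (C11
 * _Static_assert), so a future missing comma is a build error rather
 * than a run-time read past the end of the array. */
_Static_assert(NELEM(fixed_pageorder) == 8,
               "pageorder table must have 8 entries");

size_t broken_count(void) { return NELEM(broken_pageorder); }
size_t fixed_count(void)  { return NELEM(fixed_pageorder); }

/* Bounds-checked accessors: return the i-th offset, or 0 when i is
 * outside the table. This is the guard a caller that assumes 8 entries
 * lacks when it indexes the 7-entry broken table directly. */
int broken_entry(size_t i)
{
    return i < NELEM(broken_pageorder) ? broken_pageorder[i] : 0;
}

int fixed_entry(size_t i)
{
    return i < NELEM(fixed_pageorder) ? fixed_pageorder[i] : 0;
}

/* Returns 1 if the table is exactly the intended pattern
 * -1, +1, -2, +2, -3, +3, -4, +4 pages, else 0. */
int matches_intended_pattern(const int *tab, size_t n)
{
    size_t i;
    if (n != 8)
        return 0;
    for (i = 0; i < 8; i++) {
        int want = (int)(i / 2 + 1) * PAGE_SIZE;
        if (i % 2 == 0)
            want = -want;
        if (tab[i] != want)
            return 0;
    }
    return 1;
}
```

With the broken table, `broken_count()` reports 7, `broken_entry(5)` yields -4096 instead of 12288, and `broken_entry(7)` has no valid element to return, which is exactly the out-of-bounds access the report describes.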

>How-To-Repeat:
Look at what's actually in the array:

  gdb -k /kernel
  (kgdb) print (&pmap_prefault_pageorder)[0]
  (kgdb) print (&pmap_prefault_pageorder)[1]
    ...
  (kgdb) print (&pmap_prefault_pageorder)[7]

>Fix:
Please consider the following patch:

--- pmap.c.diff begins here ---
--- src/sys/i386/i386/pmap.c.orig	Sun Jan 13 12:30:58 2002
+++ src/sys/i386/i386/pmap.c	Tue Jun  1 19:20:46 2004
@@ -2464,7 +2464,7 @@
 static int pmap_prefault_pageorder[] = {
 	-PAGE_SIZE, PAGE_SIZE,
 	-2 * PAGE_SIZE, 2 * PAGE_SIZE,
-	-3 * PAGE_SIZE, 3 * PAGE_SIZE
+	-3 * PAGE_SIZE, 3 * PAGE_SIZE,
 	-4 * PAGE_SIZE, 4 * PAGE_SIZE
 };
 
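Review bot: the one-character fix restores the intended 8-entry table, but nothing in the hunk prevents a repeat of the same slip, since the array is still auto-sized from its initializer and, per the description, pmap_prefault() assumes 8 entries. Consider declaring the table with an explicit size (`static int pmap_prefault_pageorder[8] = {`) so a short initializer at least zero-fills rather than shrinks the array, or bounding the loop in pmap_prefault() by `sizeof(pmap_prefault_pageorder) / sizeof(pmap_prefault_pageorder[0])` instead of a hard-coded count. Also, the description says the alpha pmap.c has the same defect, but the patch only touches src/sys/i386/i386/pmap.c; the alpha hunk should be included so both are fixed together.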
--- pmap.c.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: