diff options
| author | kib <kib@FreeBSD.org> | 2014-04-29 18:42:37 +0000 |
|---|---|---|
| committer | kib <kib@FreeBSD.org> | 2014-04-29 18:42:37 +0000 |
| commit | 0c45ba8eb04a85e1796404415b8012342884d10e (patch) | |
| tree | b164b2f01c50282bb458b3345931e616c7155d53 | |
| parent | c7705e75e5be6ec09e66e5ec1d95f08d1536f399 (diff) | |
| download | FreeBSD-src-0c45ba8eb04a85e1796404415b8012342884d10e.zip FreeBSD-src-0c45ba8eb04a85e1796404415b8012342884d10e.tar.gz | |
For the VM_PHYSSEG_DENSE case, checking the requested range to fall
into the area backed by vm_page_array wrongly compared end with
vm_page_array_size. It should be adjusted by first_page index to be
correct.
Also, the corner and incorrect case of the requested range extending
after the end of the vm_page_array was incorrectly handled by
allocating the segment.
Fix the comparision for the end of range and return EINVAL if the end
extends beyond vm_page_array.
Discussed with: royger
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
| -rw-r--r-- | sys/vm/vm_phys.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/vm/vm_phys.c b/sys/vm/vm_phys.c index d8fe232..14960c8 100644 --- a/sys/vm/vm_phys.c +++ b/sys/vm/vm_phys.c @@ -551,7 +551,9 @@ vm_phys_fictitious_reg_range(vm_paddr_t start, vm_paddr_t end, #ifdef VM_PHYSSEG_DENSE pi = atop(start); - if (pi >= first_page && atop(end) < vm_page_array_size) { + if (pi >= first_page && pi < vm_page_array_size + first_page) { + if (atop(end) >= vm_page_array_size + first_page) + return (EINVAL); fp = &vm_page_array[pi - first_page]; malloced = FALSE; } else |
