Make sure we don't index the pm_rid array out of bounds in

pmap_ensure_rid(). This can happen because the function is called for both user and kernel addresses, while the rid array only has room for user addresses. This bug got exposed by rev 1.58 of ia64/ia64/pmap.c and rev 1.8 of ia64/include/pmap.h.
author: marcel <marcel@FreeBSD.org> 2002-05-04 08:04:28 +0000
committer: marcel <marcel@FreeBSD.org> 2002-05-04 08:04:28 +0000
commit: 4d32ac868827005fb0303be600ddf1a0c7ff6b64 (patch)
tree: c4b350530d511be2a60c414019dac25cb5d43f34 /sys/ia64
parent: 1d5057f8933a5be773e3832a997a6c2570feca31 (diff)
download: FreeBSD-src-4d32ac868827005fb0303be600ddf1a0c7ff6b64.zip
FreeBSD-src-4d32ac868827005fb0303be600ddf1a0c7ff6b64.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/sys/ia64/ia64/pmap.c b/sys/ia64/ia64/pmap.c
index 734d8c5..46af2e4 100644
--- a/sys/ia64/ia64/pmap.c
+++ b/sys/ia64/ia64/pmap.c
@@ -637,6 +637,16 @@ pmap_ensure_rid(pmap_t pmap, vm_offset_t va)
 	int rr;
 
 	rr = va >> 61;
+
+	/*
+	 * We get called for virtual addresses that may just as well be
+	 * kernel addresses (ie region 5, 6 or 7). Since the pm_rid field
+	 * only holds region IDs for user regions, we have to make sure
+	 * the region is within bounds.
+	 */
+	if (rr >= 5)
+		return;
+
 	if (pmap->pm_rid[rr])
 		return;
author	marcel <marcel@FreeBSD.org>	2002-05-04 08:04:28 +0000
committer	marcel <marcel@FreeBSD.org>	2002-05-04 08:04:28 +0000
commit	4d32ac868827005fb0303be600ddf1a0c7ff6b64 (patch)
tree	c4b350530d511be2a60c414019dac25cb5d43f34 /sys/ia64
parent	1d5057f8933a5be773e3832a997a6c2570feca31 (diff)
download	FreeBSD-src-4d32ac868827005fb0303be600ddf1a0c7ff6b64.zip FreeBSD-src-4d32ac868827005fb0303be600ddf1a0c7ff6b64.tar.gz