diff options
| author | dyson <dyson@FreeBSD.org> | 1997-01-22 01:34:48 +0000 |
|---|---|---|
| committer | dyson <dyson@FreeBSD.org> | 1997-01-22 01:34:48 +0000 |
| commit | 7a02d1469fc277de47333714482ba31901b7020e (patch) | |
| tree | 5d6d54e77e521f71db852934c83db87011b3cc71 /sys/vm | |
| parent | f6715456ffeda72a518e160d0fd37493d5e3abfb (diff) | |
| download | FreeBSD-src-7a02d1469fc277de47333714482ba31901b7020e.zip FreeBSD-src-7a02d1469fc277de47333714482ba31901b7020e.tar.gz | |
Fix two problems where a NULL object is dereferenced. One problem
was in the VM_INHERIT_SHARE case of vmspace_fork, and also in vm_map_madvise.
Submitted by: Alan Cox <alc@cs.rice.edu>
Diffstat (limited to 'sys/vm')
| -rw-r--r-- | sys/vm/vm_map.c | 32 |
1 files changed, 28 insertions, 4 deletions
diff --git a/sys/vm/vm_map.c b/sys/vm/vm_map.c index 5c622eb..68cf4e1 100644 --- a/sys/vm/vm_map.c +++ b/sys/vm/vm_map.c @@ -1210,9 +1210,22 @@ vm_map_madvise(map, pmap, start, end, advise) for(current = entry; (current != &map->header) && (current->start < end); current = current->next) { + vm_size_t size = current->end - current->start; + if (current->eflags & (MAP_ENTRY_IS_A_MAP|MAP_ENTRY_IS_SUB_MAP)) { continue; } + + /* + * Create an object if needed + */ + if (current->object.vm_object == NULL) { + vm_object_t object; + object = vm_object_allocate(OBJT_DEFAULT, OFF_TO_IDX(size)); + current->object.vm_object = object; + current->offset = 0; + } + vm_map_clip_end(map, current, end); switch (advise) { case MADV_NORMAL: @@ -1233,7 +1246,7 @@ vm_map_madvise(map, pmap, start, end, advise) { vm_pindex_t pindex; int count; - vm_size_t size = current->end - current->start; + size = current->end - current->start; pindex = OFF_TO_IDX(entry->offset); count = OFF_TO_IDX(size); /* @@ -1249,7 +1262,7 @@ vm_map_madvise(map, pmap, start, end, advise) { vm_pindex_t pindex; int count; - vm_size_t size = current->end - current->start; + size = current->end - current->start; pindex = OFF_TO_IDX(current->offset); count = OFF_TO_IDX(size); vm_object_madvise(current->object.vm_object, @@ -2133,14 +2146,25 @@ vmspace_fork(vm1) case VM_INHERIT_NONE: break; - case VM_INHERIT_SHARE: + case VM_INHERIT_SHARE: + /* + * Clone the entry, creating the shared object if necessary. + */ + object = old_entry->object.vm_object; + if (object == NULL) { + object = vm_object_allocate(OBJT_DEFAULT, + OFF_TO_IDX(old_entry->end - + old_entry->start)); + old_entry->object.vm_object = object; + old_entry->offset = (vm_offset_t) 0; + } + /* * Clone the entry, referencing the sharing map. */ new_entry = vm_map_entry_create(new_map); *new_entry = *old_entry; new_entry->wired_count = 0; - object = new_entry->object.vm_object; ++object->ref_count; /* |
