The size passed to kmem functions should be in terms of bytes and not pages.

Avoid an out-of-bounds array access.

Reviewed by:	cperciva
Alan Cox 2011-12-20 20:29:45 +00:00
parent 971238ae48
commit 7e77373c83


@ -810,7 +810,7 @@ cpu_initialize_context(unsigned int cpu)
{
/* vcpu_guest_context_t is too large to allocate on the stack.
* Hence we allocate statically and protect it with a lock */
vm_page_t m[4];
vm_page_t m[NPGPTD + 2];
static vcpu_guest_context_t ctxt;
vm_offset_t boot_stack;
vm_offset_t newPTD;
@ -831,8 +831,8 @@ cpu_initialize_context(unsigned int cpu)
pmap_zero_page(m[i]);
}
boot_stack = kmem_alloc_nofault(kernel_map, 1);
newPTD = kmem_alloc_nofault(kernel_map, NPGPTD);
boot_stack = kmem_alloc_nofault(kernel_map, PAGE_SIZE);
newPTD = kmem_alloc_nofault(kernel_map, NPGPTD * PAGE_SIZE);
ma[0] = VM_PAGE_TO_MACH(m[0])|PG_V;
#ifdef PAE
@ -854,7 +854,7 @@ cpu_initialize_context(unsigned int cpu)
nkpt*sizeof(vm_paddr_t));
pmap_qremove(newPTD, 4);
kmem_free(kernel_map, newPTD, 4);
kmem_free(kernel_map, newPTD, 4 * PAGE_SIZE);
/*
* map actual idle stack to boot_stack
*/