From 84a15fe70da40847e41c1f6a17d8d95891c72851 Mon Sep 17 00:00:00 2001
From: Konstantin Belousov <kib@FreeBSD.org>
Date: Wed, 4 Jul 2018 21:21:59 +0000
Subject: [PATCH] In x86 pmap_extract_and_hold()s, handle the case of
 PHYS_TO_VM_PAGE() returning NULL.

vm_fault_quick_hold_pages() can be legitimately called on userspace
mappings backed by fictitious pages created by unmanaged device and sg
pagers.

Note that other architectures pmap_extract_and_hold() might need
similar fix, but I postponed the examination.

Reported by:	bde
Discussed with:	alc
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D16085
---
 sys/amd64/amd64/pmap.c | 3 ++-
 sys/i386/i386/pmap.c   | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/sys/amd64/amd64/pmap.c b/sys/amd64/amd64/pmap.c
index 5dfca1557fe7..9a139a9f5b19 100644
--- a/sys/amd64/amd64/pmap.c
+++ b/sys/amd64/amd64/pmap.c
@@ -2319,7 +2319,8 @@ retry:
 				    &pa))
 					goto retry;
 				m = PHYS_TO_VM_PAGE(pte & PG_FRAME);
-				vm_page_hold(m);
+				if (m != NULL)
+					vm_page_hold(m);
 			}
 		}
 	}
diff --git a/sys/i386/i386/pmap.c b/sys/i386/i386/pmap.c
index 48a09859f45c..eaee2015cf17 100644
--- a/sys/i386/i386/pmap.c
+++ b/sys/i386/i386/pmap.c
@@ -1684,7 +1684,8 @@ retry:
 				    &pa))
 					goto retry;
 				m = PHYS_TO_VM_PAGE(pte & PG_FRAME);
-				vm_page_hold(m);
+				if (m != NULL)
+					vm_page_hold(m);
 			}
 		}
 	}