Correct an error in the allocation of the vm_page_dump array in
vm_page_startup(). Specifically, the dump_avail array should be used instead of the phys_avail array to calculate the size of vm_page_dump. For example, the pages for the message buffer are allocated prior to vm_page_startup() by subtracting them from the last entry in the phys_avail array, but the first thing that vm_page_startup() does after creating the vm_page_dump array is to set the bits corresponding to the message buffer pages in that array. However, these bits might not actually exist in the array, because the size of the array is determined by the current value in the last entry of the phys_avail array. In general, the only reason why this doesn't always result in an out-of-bounds array access is that the size of the vm_page_dump array is rounded up to the next page boundary. This change eliminates that dependence on rounding (and luck). MFC after: 6 weeks
This commit is contained in:
parent
6d2f981e9b
commit
05cb58f669
@ -282,7 +282,6 @@ vm_page_startup(vm_offset_t vaddr)
|
||||
vm_paddr_t new_end;
|
||||
int i;
|
||||
vm_paddr_t pa;
|
||||
int nblocks;
|
||||
vm_paddr_t last_pa;
|
||||
char *list;
|
||||
|
||||
@ -294,7 +293,6 @@ vm_page_startup(vm_offset_t vaddr)
|
||||
|
||||
biggestsize = 0;
|
||||
biggestone = 0;
|
||||
nblocks = 0;
|
||||
vaddr = round_page(vaddr);
|
||||
|
||||
for (i = 0; phys_avail[i + 1]; i += 2) {
|
||||
@ -316,7 +314,6 @@ vm_page_startup(vm_offset_t vaddr)
|
||||
low_water = phys_avail[i];
|
||||
if (phys_avail[i + 1] > high_water)
|
||||
high_water = phys_avail[i + 1];
|
||||
++nblocks;
|
||||
}
|
||||
|
||||
#ifdef XEN
|
||||
@ -372,7 +369,11 @@ vm_page_startup(vm_offset_t vaddr)
|
||||
* minidump code. In theory, they are not needed on i386, but are
|
||||
* included should the sf_buf code decide to use them.
|
||||
*/
|
||||
page_range = phys_avail[(nblocks - 1) * 2 + 1] / PAGE_SIZE;
|
||||
last_pa = 0;
|
||||
for (i = 0; dump_avail[i + 1] != 0; i += 2)
|
||||
if (dump_avail[i + 1] > last_pa)
|
||||
last_pa = dump_avail[i + 1];
|
||||
page_range = last_pa / PAGE_SIZE;
|
||||
vm_page_dump_size = round_page(roundup2(page_range, NBBY) / NBBY);
|
||||
new_end -= vm_page_dump_size;
|
||||
vm_page_dump = (void *)(uintptr_t)pmap_map(&vaddr, new_end,
|
||||
|
Loading…
Reference in New Issue
Block a user