Fix bug in pipe code relating to writes of mmap'd but illegal address

spaces which cross a segment boundry in the page table. pmap_kextract() is not designed for access to the user space portion of the page table and cannot handle the null-page-directory-entry case. The fix is to have vm_fault_quick() return a success or failure which is then used to avoid calling pmap_kextract().
1999-09-20 19:08:48 +00:00 · 1999-09-20 19:08:48 +00:00 · 4cc712004c
commit 4cc712004c
parent 0355003f26
7 changed files with 30 additions and 19 deletions
--- a/sys/alpha/alpha/vm_machdep.c
+++ b/sys/alpha/alpha/vm_machdep.c
@ -97,15 +97,17 @@
 /*
 * quick version of vm_fault
 */
-void
+int
 vm_fault_quick(v, prot)
 	caddr_t v;
 	int prot;
 {
+	int r;
 	if (prot & VM_PROT_WRITE)
-		subyte(v, fubyte(v));
+		r = subyte(v, fubyte(v));
 	else
-		fubyte(v);
+		r = fubyte(v);
+	return(r);
 }

 /*
--- a/sys/amd64/amd64/vm_machdep.c
+++ b/sys/amd64/amd64/vm_machdep.c
@ -93,15 +93,18 @@ static volatile u_int	cpu_reset_proxy_active;
 /*
 * quick version of vm_fault
 */
-void
+int
 vm_fault_quick(v, prot)
 	caddr_t v;
 	int prot;
 {
+	int r;
+
 	if (prot & VM_PROT_WRITE)
-		subyte(v, fubyte(v));
+		r = subyte(v, fubyte(v));
 	else
-		fubyte(v);
+		r = fubyte(v);
+	return(r);
 }

 /*
--- a/sys/i386/i386/vm_machdep.c
+++ b/sys/i386/i386/vm_machdep.c
@ -93,15 +93,18 @@ static volatile u_int	cpu_reset_proxy_active;
 /*
 * quick version of vm_fault
 */
-void
+int
 vm_fault_quick(v, prot)
 	caddr_t v;
 	int prot;
 {
+	int r;
+
 	if (prot & VM_PROT_WRITE)
-		subyte(v, fubyte(v));
+		r = subyte(v, fubyte(v));
 	else
-		fubyte(v);
+		r = fubyte(v);
+	return(r);
 }

 /*
--- a/sys/kern/sys_pipe.c
+++ b/sys/kern/sys_pipe.c
@ -490,9 +490,8 @@ pipe_build_write_buffer(wpipe, uio)

 		vm_page_t m;

-		vm_fault_quick( (caddr_t) addr, VM_PROT_READ);
-		paddr = pmap_kextract(addr);
-		if (!paddr) {
+		if (vm_fault_quick((caddr_t)addr, VM_PROT_READ) < 0 ||
+		    (paddr = pmap_kextract(addr)) == 0) {
 			int j;
 			for(j=0;j<i;j++)
 				vm_page_unwire(wpipe->pipe_map.ms[j], 1);
--- a/sys/powerpc/aim/vm_machdep.c
+++ b/sys/powerpc/aim/vm_machdep.c
@ -97,15 +97,17 @@
 /*
 * quick version of vm_fault
 */
-void
+int
 vm_fault_quick(v, prot)
 	caddr_t v;
 	int prot;
 {
+	int r;
 	if (prot & VM_PROT_WRITE)
-		subyte(v, fubyte(v));
+		r = subyte(v, fubyte(v));
 	else
-		fubyte(v);
+		r = fubyte(v);
+	return(r);
 }

 /*
--- a/sys/powerpc/powerpc/vm_machdep.c
+++ b/sys/powerpc/powerpc/vm_machdep.c
@ -97,15 +97,17 @@
 /*
 * quick version of vm_fault
 */
-void
+int
 vm_fault_quick(v, prot)
 	caddr_t v;
 	int prot;
 {
+	int r;
 	if (prot & VM_PROT_WRITE)
-		subyte(v, fubyte(v));
+		r = subyte(v, fubyte(v));
 	else
-		fubyte(v);
+		r = fubyte(v);
+	return(r);
 }

 /*
--- a/sys/vm/vm_extern.h
+++ b/sys/vm/vm_extern.h
@ -99,7 +99,7 @@ void vslock __P((caddr_t, u_int));
 void vsunlock __P((caddr_t, u_int, int));
 void vm_object_print __P((/* db_expr_t */ long, boolean_t, /* db_expr_t */ long,
 			  char *));
-void vm_fault_quick __P((caddr_t v, int prot));
+int vm_fault_quick __P((caddr_t v, int prot));

 #endif				/* KERNEL */