Make sure we don't index the pm_rid array out of bounds in

pmap_ensure_rid(). This can happen because the function is called for both user and kernel addresses, while the rid array only has room for user addresses. This bug got exposed by rev 1.58 of ia64/ia64/pmap.c and rev 1.8 of ia64/include/pmap.h.
2002-05-04 08:04:28 +00:00 · 2002-05-04 08:04:28 +00:00 · 9a1bf46934
commit 9a1bf46934
parent 698f85d3e3
1 changed files with 10 additions and 0 deletions
--- a/sys/ia64/ia64/pmap.c
+++ b/sys/ia64/ia64/pmap.c
@ -637,6 +637,16 @@ pmap_ensure_rid(pmap_t pmap, vm_offset_t va)
 	int rr;

 	rr = va >> 61;
+
+	/*
+	 * We get called for virtual addresses that may just as well be
+	 * kernel addresses (ie region 5, 6 or 7). Since the pm_rid field
+	 * only holds region IDs for user regions, we have to make sure
+	 * the region is within bounds.
+	 */
+	if (rr >= 5)
+		return;
+
 	if (pmap->pm_rid[rr])
 		return;