Ignore invalid page descriptors in ARM64 pmap_mincore

Prevent the function from null-pointer-dereference when unexisting mapping is being processed. Obtained from: Semihalf Sponsored by: Cavium Approved by: cognet (mentor) Reviewed by: zbb, cognet Differential revision: https://reviews.freebsd.org/D5228
2016-02-09 06:26:27 +00:00 · 2016-02-09 06:26:27 +00:00 · c00a03a11d
commit c00a03a11d
parent 91ef8da010
1 changed files with 12 additions and 0 deletions
--- a/sys/arm64/arm64/pmap.c
+++ b/sys/arm64/arm64/pmap.c
@ -3074,7 +3074,11 @@ pmap_mincore(pmap_t pmap, vm_offset_t addr, vm_paddr_t *locked_pa)
 	l1p = pmap_l1(pmap, addr);
 	if (l1p == NULL) /* No l1 */
 		goto done;
+
 	l1 = pmap_load(l1p);
+	if ((l1 & ATTR_DESCR_MASK) == L1_INVAL)
+		goto done;
+
 	if ((l1 & ATTR_DESCR_MASK) == L1_BLOCK) {
 		pa = (l1 & ~ATTR_MASK) | (addr & L1_OFFSET);
 		managed = (l1 & ATTR_SW_MANAGED) == ATTR_SW_MANAGED;
@ -3089,7 +3093,11 @@ pmap_mincore(pmap_t pmap, vm_offset_t addr, vm_paddr_t *locked_pa)
 	l2p = pmap_l1_to_l2(l1p, addr);
 	if (l2p == NULL) /* No l2 */
 		goto done;
+
 	l2 = pmap_load(l2p);
+	if ((l2 & ATTR_DESCR_MASK) == L2_INVAL)
+		goto done;
+
 	if ((l2 & ATTR_DESCR_MASK) == L2_BLOCK) {
 		pa = (l2 & ~ATTR_MASK) | (addr & L2_OFFSET);
 		managed = (l2 & ATTR_SW_MANAGED) == ATTR_SW_MANAGED;
@ -3104,7 +3112,11 @@ pmap_mincore(pmap_t pmap, vm_offset_t addr, vm_paddr_t *locked_pa)
 	l3p = pmap_l2_to_l3(l2p, addr);
 	if (l3p == NULL) /* No l3 */
 		goto done;
+
 	l3 = pmap_load(l2p);
+	if ((l3 & ATTR_DESCR_MASK) == L3_INVAL)
+		goto done;
+
 	if ((l3 & ATTR_DESCR_MASK) == L3_PAGE) {
 		pa = (l3 & ~ATTR_MASK) | (addr & L3_OFFSET);
 		managed = (l3 & ATTR_SW_MANAGED) == ATTR_SW_MANAGED;