uvm_mapent_alloc() & NULL check


uvm_mapent_alloc() & NULL check

Martin Pieuchot
Variable `me' is never NULL before reaching RBT_POISON().  Diff has a
lot of context to ease the review.

CID 1453116 Dereference before null check

ok?

Index: uvm/uvm_map.c
===================================================================
RCS file: /cvs/src/sys/uvm/uvm_map.c,v
retrieving revision 1.263
diff -u -p -u -2 -0 -r1.263 uvm_map.c
--- uvm/uvm_map.c 4 Mar 2020 21:15:38 -0000 1.263
+++ uvm/uvm_map.c 24 Mar 2020 15:06:26 -0000
@@ -1736,44 +1736,41 @@ uvm_mapent_alloc(struct vm_map *map, int
  }
  me = SLIST_FIRST(&uvm.kentry_free);
  SLIST_REMOVE_HEAD(&uvm.kentry_free, daddrs.addr_kentry);
  uvmexp.kmapent++;
  mtx_leave(&uvm_kmapent_mtx);
  me->flags = UVM_MAP_STATIC;
  } else if (map == kernel_map) {
  splassert(IPL_NONE);
  me = pool_get(&uvm_map_entry_kmem_pool, pool_flags);
  if (me == NULL)
  goto out;
  me->flags = UVM_MAP_KMEM;
  } else {
  splassert(IPL_NONE);
  me = pool_get(&uvm_map_entry_pool, pool_flags);
  if (me == NULL)
  goto out;
  me->flags = 0;
  }
 
- if (me != NULL) {
- RBT_POISON(uvm_map_addr, me, UVMMAP_DEADBEEF);
- }
-
+ RBT_POISON(uvm_map_addr, me, UVMMAP_DEADBEEF);
 out:
  return(me);
 }
 
 /*
  * uvm_mapent_free: free map entry
  *
  * => XXX: static pool for kernel map?
  */
 void
 uvm_mapent_free(struct vm_map_entry *me)
 {
  if (me->flags & UVM_MAP_STATIC) {
  mtx_enter(&uvm_kmapent_mtx);
  SLIST_INSERT_HEAD(&uvm.kentry_free, me, daddrs.addr_kentry);
  uvmexp.kmapent--;
  mtx_leave(&uvm_kmapent_mtx);
  } else if (me->flags & UVM_MAP_KMEM) {
  splassert(IPL_NONE);
  pool_put(&uvm_map_entry_kmem_pool, me);
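Review bot: The now-unconditional `RBT_POISON(uvm_map_addr, me, UVMMAP_DEADBEEF);` before `out:` depends on an invariant that the code never states: both pool_get() branches `goto out` on NULL, while the static-entry branch takes `SLIST_FIRST(&uvm.kentry_free)` and writes `me->flags` with no check visible here. The start of uvm_mapent_alloc() is outside the hunk, so the code above presumably guarantees a non-empty free list, but that cannot be confirmed from these lines. I would record the invariant next to the poison call, e.g. `/* me != NULL: failed pool_get() jumps to out; kentry_free is non-empty here */`, and consider `KASSERT(me != NULL);` right after the SLIST_FIRST() assignment so that an empty free list fails as an assertion rather than as a NULL write to `me->flags`.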


Re: uvm_mapent_alloc() & NULL check

Mark Kettenis
> Date: Tue, 24 Mar 2020 16:08:56 +0100
> From: Martin Pieuchot <[hidden email]>
>
> Variable `me' is never NULL before reaching RBT_POISON().  Diff has a
> lot of context to ease the review.
>
> CID 1453116 Dereference before null check
>
> ok?

ok kettenis@

> Index: uvm/uvm_map.c
> ===================================================================
> RCS file: /cvs/src/sys/uvm/uvm_map.c,v
> retrieving revision 1.263
> diff -u -p -u -2 -0 -r1.263 uvm_map.c
> --- uvm/uvm_map.c 4 Mar 2020 21:15:38 -0000 1.263
> +++ uvm/uvm_map.c 24 Mar 2020 15:06:26 -0000
> @@ -1736,44 +1736,41 @@ uvm_mapent_alloc(struct vm_map *map, int
>   }
>   me = SLIST_FIRST(&uvm.kentry_free);
>   SLIST_REMOVE_HEAD(&uvm.kentry_free, daddrs.addr_kentry);
>   uvmexp.kmapent++;
>   mtx_leave(&uvm_kmapent_mtx);
>   me->flags = UVM_MAP_STATIC;
>   } else if (map == kernel_map) {
>   splassert(IPL_NONE);
>   me = pool_get(&uvm_map_entry_kmem_pool, pool_flags);
>   if (me == NULL)
>   goto out;
>   me->flags = UVM_MAP_KMEM;
>   } else {
>   splassert(IPL_NONE);
>   me = pool_get(&uvm_map_entry_pool, pool_flags);
>   if (me == NULL)
>   goto out;
>   me->flags = 0;
>   }
>  
> - if (me != NULL) {
> - RBT_POISON(uvm_map_addr, me, UVMMAP_DEADBEEF);
> - }
> -
> + RBT_POISON(uvm_map_addr, me, UVMMAP_DEADBEEF);
>  out:
>   return(me);
>  }
>  
>  /*
>   * uvm_mapent_free: free map entry
>   *
>   * => XXX: static pool for kernel map?
>   */
>  void
>  uvm_mapent_free(struct vm_map_entry *me)
>  {
>   if (me->flags & UVM_MAP_STATIC) {
>   mtx_enter(&uvm_kmapent_mtx);
>   SLIST_INSERT_HEAD(&uvm.kentry_free, me, daddrs.addr_kentry);
>   uvmexp.kmapent--;
>   mtx_leave(&uvm_kmapent_mtx);
>   } else if (me->flags & UVM_MAP_KMEM) {
>   splassert(IPL_NONE);
>   pool_put(&uvm_map_entry_kmem_pool, me);
>
>