vm_phys: Check RB_FIND() return value in case it is NULL
When trying to unregister a fictitious range in `vm_phys_fictitious_unreg_range()`, the function checks the properties of the looked up segment, but it does not check if a segment was found in the first place. This can happen with the amdgpu DRM driver which could call `vm_phys_fictitious_unreg_range()` without a fictitious range registered if the initialisation of the driver failed (for example because firmwares are unavailable). The code in the DRM driver was improved to avoid that, but `vm_phys_fictitious_unreg_range()` should still check the return value of `RB_FIND()` before trying to dereference the segment pointer and panic with a page fault. Reviewed by: emaste Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D55076
This commit is contained in:
+1
-1
@@ -1213,7 +1213,7 @@ vm_phys_fictitious_unreg_range(vm_paddr_t start, vm_paddr_t end)
|
||||
|
||||
rw_wlock(&vm_phys_fictitious_reg_lock);
|
||||
seg = RB_FIND(fict_tree, &vm_phys_fictitious_tree, &tmp);
|
||||
if (seg->start != start || seg->end != end) {
|
||||
if (seg == NULL || seg->start != start || seg->end != end) {
|
||||
rw_wunlock(&vm_phys_fictitious_reg_lock);
|
||||
panic(
|
||||
"Unregistering not registered fictitious range [%#jx:%#jx]",
|
||||
|
||||
Reference in New Issue
Block a user