pmap: Fix mayhem when releasing near the end of virtual memory

l is used to skip over the area mapped by a whole pde. It was clipped to e, but if e is already near the end of virtual memory, l will wrap-around to 0, and mayhem entails.
author: Samuel Thibault <samuel.thibault@ens-lyon.org> 2023-08-14 22:05:39 +0200
committer: Samuel Thibault <samuel.thibault@ens-lyon.org> 2023-08-14 22:42:21 +0200
commit: 160f9286fd8b6e358244e2642c3068c9484d82d0 (patch)
tree: bca605aae9f53a095a75cc48f8c36c141c936f1b /i386/intel
parent: 0c33f0461f466754b47797f6f860c70520a8ccbb (diff)
download: gnumach-160f9286fd8b6e358244e2642c3068c9484d82d0.tar.gz
gnumach-160f9286fd8b6e358244e2642c3068c9484d82d0.tar.bz2
gnumach-160f9286fd8b6e358244e2642c3068c9484d82d0.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/i386/intel/pmap.c b/i386/intel/pmap.c
index d15e2418..6218b27a 100644
--- a/i386/intel/pmap.c
+++ b/i386/intel/pmap.c
@@ -1713,7 +1713,7 @@ void pmap_remove(
 	    pt_entry_t *pde = pmap_pde(map, s);
 
 	    l = (s + PDE_MAPPED_SIZE) & ~(PDE_MAPPED_SIZE-1);
-	    if (l > e)
+	    if (l > e || l < s)
 		l = e;
 	    if (pde && (*pde & INTEL_PTE_VALID)) {
 		spte = (pt_entry_t *)ptetokv(*pde);
@@ -1948,7 +1948,7 @@ void pmap_protect(
 	    pt_entry_t *pde = pde = pmap_pde(map, s);
 
 	    l = (s + PDE_MAPPED_SIZE) & ~(PDE_MAPPED_SIZE-1);
-	    if (l > e)
+	    if (l > e || l < s)
 		l = e;
 	    if (pde && (*pde & INTEL_PTE_VALID)) {
 		spte = (pt_entry_t *)ptetokv(*pde);
author	Samuel Thibault <samuel.thibault@ens-lyon.org>	2023-08-14 22:05:39 +0200
committer	Samuel Thibault <samuel.thibault@ens-lyon.org>	2023-08-14 22:42:21 +0200
commit	160f9286fd8b6e358244e2642c3068c9484d82d0 (patch)
tree	bca605aae9f53a095a75cc48f8c36c141c936f1b /i386/intel
parent	0c33f0461f466754b47797f6f860c70520a8ccbb (diff)
download	gnumach-160f9286fd8b6e358244e2642c3068c9484d82d0.tar.gz gnumach-160f9286fd8b6e358244e2642c3068c9484d82d0.tar.bz2 gnumach-160f9286fd8b6e358244e2642c3068c9484d82d0.zip