diff options
| author | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2023-08-14 22:05:39 +0200 |
|---|---|---|
| committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2023-08-14 22:42:21 +0200 |
| commit | 160f9286fd8b6e358244e2642c3068c9484d82d0 (patch) | |
| tree | bca605aae9f53a095a75cc48f8c36c141c936f1b /i386 | |
| parent | 0c33f0461f466754b47797f6f860c70520a8ccbb (diff) | |
| download | gnumach-160f9286fd8b6e358244e2642c3068c9484d82d0.tar.gz gnumach-160f9286fd8b6e358244e2642c3068c9484d82d0.tar.bz2 gnumach-160f9286fd8b6e358244e2642c3068c9484d82d0.zip | |
pmap: Fix mayhem when releasing near the end of virtual memory
l is used to skip over the area mapped by a whole pde. It was clipped to
e, but if e is already near the end of virtual memory, l will
wrap-around to 0, and mayhem entails.
Diffstat (limited to 'i386')
| -rw-r--r-- | i386/intel/pmap.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/i386/intel/pmap.c b/i386/intel/pmap.c index d15e2418..6218b27a 100644 --- a/i386/intel/pmap.c +++ b/i386/intel/pmap.c @@ -1713,7 +1713,7 @@ void pmap_remove( pt_entry_t *pde = pmap_pde(map, s); l = (s + PDE_MAPPED_SIZE) & ~(PDE_MAPPED_SIZE-1); - if (l > e) + if (l > e || l < s) l = e; if (pde && (*pde & INTEL_PTE_VALID)) { spte = (pt_entry_t *)ptetokv(*pde); @@ -1948,7 +1948,7 @@ void pmap_protect( pt_entry_t *pde = pde = pmap_pde(map, s); l = (s + PDE_MAPPED_SIZE) & ~(PDE_MAPPED_SIZE-1); - if (l > e) + if (l > e || l < s) l = e; if (pde && (*pde & INTEL_PTE_VALID)) { spte = (pt_entry_t *)ptetokv(*pde); |