authorcinap_lenrek <cinap_lenrek@felloff.net>2015-03-10 18:16:08 +0100
committercinap_lenrek <cinap_lenrek@felloff.net>2015-03-10 18:16:08 +0100
commit4d211fdd4801bd6db06ae2c0a72b47de55f3194c (patch)
tree4fe0dd7a7a8a785f42812d4868168c5d7aba05ef /sys/src/9/port/fault.c
parent5639d1e5fc46c5f236cff7168a5800367368a6ec (diff)
kernel: fix integer overflow in syssegflush(), segment code cleanup
mcountseg(), mfreeseg(): use Pte.first/last pointers when possible and avoid constructs like s->map[i]->pages[j]. freepte(): do not zero entries in freepte(), the segment is going away and there is no point in zeroing page pointers. hoist common code at the top avoiding duplication. segpage(), fixfault(): avoid load after store for Pte** pointer. fixfault(): return -1 in default case to avoid the "used but not set" warning for mmuphys and get rid of the useless initialization. syssegflush(): due to len being unsigned, the pe = PGROUND(pe) can make "chunk" bigger than len causing an overflow. rewrite the function and deal with page alignment and errors at the beginning. syssegflush(), segpage(), fixfault(), putseg(), relocateseg(), mcountseg(), mfreeseg(): keep naming consistent.
Diffstat (limited to 'sys/src/9/port/fault.c')
-rw-r--r--sys/src/9/port/fault.c13
1 files changed, 6 insertions, 7 deletions
diff --git a/sys/src/9/port/fault.c b/sys/src/9/port/fault.c
index b6f5e3894..5aff0a731 100644
--- a/sys/src/9/port/fault.c
+++ b/sys/src/9/port/fault.c
@@ -197,17 +197,16 @@ int
fixfault(Segment *s, uintptr addr, int read, int doputmmu)
{
int type;
- Pte **p, *etp;
- uintptr soff, mmuphys=0;
+ Pte **pte, *etp;
+ uintptr soff, mmuphys;
Page **pg, *old, *new;
addr &= ~(BY2PG-1);
soff = addr-s->base;
- p = &s->map[soff/PTEMAPMEM];
- if(*p == nil)
- *p = ptealloc();
+ pte = &s->map[soff/PTEMAPMEM];
+ if((etp = *pte) == nil)
+ *pte = etp = ptealloc();
- etp = *p;
pg = &etp->pages[(soff&(PTEMAPMEM-1))/BY2PG];
type = s->type&SG_TYPE;
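Review bot: The new `pte = &s->map[soff/PTEMAPMEM];` line indexes the segment map without comparing `soff/PTEMAPMEM` against `s->mapsize`, so the lookup is only in bounds if the caller has already established `s->base <= addr < s->top`; in this tree that check appears to live in fault()/seg(), which is outside the hunk. Since the restructured lookup now also writes the freshly allocated Pte through that slot, the precondition is worth stating next to it: `/* caller checked s->base <= addr < s->top, so soff/PTEMAPMEM < s->mapsize */`. fixfault's body continues past the end of the hunk, and with the initializer dropped from `mmuphys` the later use depends on every switch arm assigning it before falling out of the switch, which is worth a one-line comment at the declaration as well.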
@@ -219,7 +218,7 @@ fixfault(Segment *s, uintptr addr, int read, int doputmmu)
switch(type) {
default:
panic("fault");
- break;
+ return -1;
case SG_TEXT: /* Demand load */
if(pagedout(*pg))