CVS commit: src/sys/uvm

Tue, 13 Aug 2024 17:41:58 -0700 

Module Name:    src
Committed By:   riastradh
Date:           Wed Aug 14 00:41:46 UTC 2024

Modified Files:
        src/sys/uvm: uvm_map.c

Log Message:
uvm_map(9): Avoid potential arithmetic overflow.

Should be harmless in this case because vaddr_t is unsigned, so
there's no undefined behaviour here, but let's make it unnecessary to
wonder whether overflow is a problem.

No functional change intended.

PR kern/51254: uvm assertion "!topdown || hint <= orig_hint" failed


To generate a diff of this commit:
cvs rdiff -u -r1.418 -r1.419 src/sys/uvm/uvm_map.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/uvm/uvm_map.c
diff -u src/sys/uvm/uvm_map.c:1.418 src/sys/uvm/uvm_map.c:1.419
--- src/sys/uvm/uvm_map.c:1.418	Wed Aug 14 00:41:30 2024
+++ src/sys/uvm/uvm_map.c	Wed Aug 14 00:41:46 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: uvm_map.c,v 1.418 2024/08/14 00:41:30 riastradh Exp $	*/
+/*	$NetBSD: uvm_map.c,v 1.419 2024/08/14 00:41:46 riastradh Exp $	*/
 
 /*
  * Copyright (c) 1997 Charles D. Cranor and Washington University.
@@ -66,7 +66,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uvm_map.c,v 1.418 2024/08/14 00:41:30 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uvm_map.c,v 1.419 2024/08/14 00:41:46 riastradh Exp $");
 
 #include "opt_ddb.h"
 #include "opt_pax.h"
@@ -1820,11 +1820,13 @@ uvm_map_space_avail(vaddr_t *start, vsiz
 	 * Find the end of the proposed new region.  Be sure we didn't
 	 * wrap around the address; if so, we lose.  Otherwise, if the
 	 * proposed new region fits before the next entry, we win.
+	 *
+	 * XXX Should this use vm_map_max(map) as the max?
 	 */
 
-	end = *start + length;
-	if (end < *start)
+	if (length > __type_max(vaddr_t) - *start)
 		return (-1);
+	end = *start + length;
 
 	if (entry->next->start >= end && *start >= entry->end)
 		return (1);
@@ -2019,8 +2021,8 @@ uvm_map_findspace(struct vm_map *map, va
 		KASSERT(entry->next == &map->header ||
 		    hint < entry->next->start);
 		if (flags & UVM_FLAG_FIXED) {
-			if (entry->next->start >= hint + length &&
-			    hint + length > hint)
+			if (entry->next->start >= hint &&
+			    length <= entry->next->start - hint)
 				goto found;
 
 			/* "hint" address is gap but too small */
@@ -2286,7 +2288,8 @@ nextgap:
 	UVMHIST_LOG(maphist,"<- got it!  (result=%#jx)", hint, 0,0,0);
 	INVARIANTS();
 	KASSERT(entry->end <= hint);
-	KASSERT(hint + length <= entry->next->start);
+	KASSERT(hint <= entry->next->start);
+	KASSERT(length <= entry->next->start - hint);
 	return (entry);
 
  wraparound:

Reply via email to