Variable `me' is never NULL before reaching RBT_POISON(). Diff has a
lot of context to ease the review.
CID 1453116 Dereference before null check
ok?
Index: uvm/uvm_map.c
===================================================================
RCS file: /cvs/src/sys/uvm/uvm_map.c,v
retrieving revision 1.263
diff -u -p -u -2 -0 -r1.263 uvm_map.c
--- uvm/uvm_map.c 4 Mar 2020 21:15:38 -0000 1.263
+++ uvm/uvm_map.c 24 Mar 2020 15:06:26 -0000
@@ -1736,44 +1736,41 @@ uvm_mapent_alloc(struct vm_map *map, int
}
me = SLIST_FIRST(&uvm.kentry_free);
SLIST_REMOVE_HEAD(&uvm.kentry_free, daddrs.addr_kentry);
uvmexp.kmapent++;
mtx_leave(&uvm_kmapent_mtx);
me->flags = UVM_MAP_STATIC;
} else if (map == kernel_map) {
splassert(IPL_NONE);
me = pool_get(&uvm_map_entry_kmem_pool, pool_flags);
if (me == NULL)
goto out;
me->flags = UVM_MAP_KMEM;
} else {
splassert(IPL_NONE);
me = pool_get(&uvm_map_entry_pool, pool_flags);
if (me == NULL)
goto out;
me->flags = 0;
}
- if (me != NULL) {
- RBT_POISON(uvm_map_addr, me, UVMMAP_DEADBEEF);
- }
-
+ RBT_POISON(uvm_map_addr, me, UVMMAP_DEADBEEF);
out:
return(me);
}
/*
* uvm_mapent_free: free map entry
*
* => XXX: static pool for kernel map?
*/
void
uvm_mapent_free(struct vm_map_entry *me)
{
if (me->flags & UVM_MAP_STATIC) {
mtx_enter(&uvm_kmapent_mtx);
SLIST_INSERT_HEAD(&uvm.kentry_free, me, daddrs.addr_kentry);
uvmexp.kmapent--;
mtx_leave(&uvm_kmapent_mtx);
} else if (me->flags & UVM_MAP_KMEM) {
splassert(IPL_NONE);
pool_put(&uvm_map_entry_kmem_pool, me);
