From 609cc5233e6a6a6d707881a53b90cb1ee619205e Mon Sep 17 00:00:00 2001
From: Matthew Dillon
Date: Sat, 19 Nov 2011 00:06:53 -0800
Subject: [PATCH] kernel - Fix crash in pmap_enter()

* When taking a concurrent fault in KVM on a pipe buffer the pte replacement path when a pte is found to already exist was not checking whether pt_pv was NULL or not before trying to wire its page.
Reported-by: n00b183
---
 sys/platform/pc64/x86_64/pmap.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/sys/platform/pc64/x86_64/pmap.c b/sys/platform/pc64/x86_64/pmap.c
index d8adbbc707..66c5a1cbc1 100644
--- a/sys/platform/pc64/x86_64/pmap.c
+++ b/sys/platform/pc64/x86_64/pmap.c
@@ -3091,8 +3091,12 @@ pmap_enter(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot,
 * pmap_remove_pv_pte() unwires pt_pv and assumes
 * we will free pte_pv, but since we are reusing
 * pte_pv we want to retain the wire count.
+ *
+ * pt_pv won't exist for a kernel page (managed or
+ * otherwise).
 */
- vm_page_wire_quick(pt_pv->pv_m);
+ if (pt_pv)
+ vm_page_wire_quick(pt_pv->pv_m);
 if (prot & VM_PROT_NOSYNC)
 pmap_remove_pv_pte(pte_pv, pt_pv, NULL);
 else
-- 
2.41.0
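Review bot: The new `if (pt_pv)` guard covers only the wire call, while the same possibly-NULL `pt_pv` is still passed to `pmap_remove_pv_pte(pte_pv, pt_pv, NULL)` on the next lines, which the comment above says unwires pt_pv. That function is outside the hunk, so it should be confirmed that it skips the unwire when pt_pv is NULL; otherwise the NULL dereference only moves, or the wire count on the page-table page ends up unbalanced. The guard also accepts a NULL pt_pv for any pmap, so a missing pt_pv in a user pmap would now pass silently instead of faulting. If the kernel-only assumption in the new comment holds, an assertion before the guard such as `KKASSERT(pt_pv || pmap == &kernel_pmap);` would keep that invariant checked. The body of pmap_enter() starts and ends outside the hunk and the `else` branch is cut off, so the second call site could not be reviewed here.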