kernel - Fix null-pointer crash in i386/pmap.c
authorMatthew Dillon <dillon@apollo.backplane.com>
Sat, 22 Oct 2011 21:07:29 +0000 (14:07 -0700)
committerMatthew Dillon <dillon@apollo.backplane.com>
Sat, 22 Oct 2011 21:07:29 +0000 (14:07 -0700)
* Related to recent work, check that m->object is not NULL

sys/platform/pc32/i386/pmap.c

index 977afd6..45e3a85 100644 (file)
@@ -1782,7 +1782,8 @@ pmap_remove_entry(struct pmap *pmap, vm_page_t m,
        test_m_maps_pv(m, pv);
        TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
        m->md.pv_list_count--;
-       atomic_add_int(&m->object->agg_pv_list_count, -1);
+       if (m->object)
+               atomic_add_int(&m->object->agg_pv_list_count, -1);
        if (TAILQ_EMPTY(&m->md.pv_list))
                vm_page_flag_clear(m, PG_MAPPED | PG_WRITEABLE);
        TAILQ_REMOVE(&pmap->pm_pvlist, pv, pv_plist);
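Review bot: Guarding the dereference does not keep agg_pv_list_count balanced: the increment in the pmap_insert_entry hunk and the three decrements (here, pmap_remove_all, pmap_remove_pages) are each conditioned on the value of m->object at the moment of the call, so a pv entry inserted while the page was attached to an object and removed after the page was detached leaves the object's counter permanently too high. Whether the pmap and object locking excludes that interleaving is not visible in these hunks, so it should at least be stated somewhere. The same two-line guard is also pasted verbatim at all four sites with no comment saying when m->object is legitimately NULL; I would fold it into one helper and replace each site with `pmap_adj_agg_pv(m, -1);` or `pmap_adj_agg_pv(m, 1);`, keeping the invariant in the helper's header comment. pmap_remove_entry's body starts and ends outside this hunk.
```c
/*
 * Adjust the aggregate pv-entry count of the VM object backing m.
 * Pages with no object (m->object == NULL) are skipped.  The +1 and -1
 * must see the same m->object for the count to stay balanced; that is
 * the caller's responsibility under the existing locking.
 */
static inline void
pmap_adj_agg_pv(vm_page_t m, int delta)
{
	if (m->object)
		atomic_add_int(&m->object->agg_pv_list_count, delta);
}
/* … unchanged: pv list manipulation at the four call sites … */
```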
@@ -1818,7 +1819,8 @@ pmap_insert_entry(pmap_t pmap, vm_offset_t va, vm_page_t mpte, vm_page_t m)
        TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);
        ++pmap->pm_generation;
        m->md.pv_list_count++;
-       atomic_add_int(&m->object->agg_pv_list_count, 1);
+       if (m->object)
+               atomic_add_int(&m->object->agg_pv_list_count, 1);
 }
 
 /*
@@ -2061,7 +2063,8 @@ pmap_remove_all(vm_page_t m)
                TAILQ_REMOVE(&pv->pv_pmap->pm_pvlist, pv, pv_plist);
                ++pv->pv_pmap->pm_generation;
                m->md.pv_list_count--;
-               atomic_add_int(&m->object->agg_pv_list_count, -1);
+               if (m->object)
+                       atomic_add_int(&m->object->agg_pv_list_count, -1);
                if (TAILQ_EMPTY(&m->md.pv_list))
                        vm_page_flag_clear(m, PG_MAPPED | PG_WRITEABLE);
                vm_object_hold(pv->pv_pmap->pm_pteobj);
@@ -2969,7 +2972,8 @@ pmap_remove_pages(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
                save_generation = ++pmap->pm_generation;
 
                m->md.pv_list_count--;
-               atomic_add_int(&m->object->agg_pv_list_count, -1);
+               if (m->object)
+                       atomic_add_int(&m->object->agg_pv_list_count, -1);
                TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
                if (TAILQ_EMPTY(&m->md.pv_list))
                        vm_page_flag_clear(m, PG_MAPPED | PG_WRITEABLE);