From b4cc0da680d9049aeee70928b34d6ed3cc02fa40 Mon Sep 17 00:00:00 2001
From: Matthew Dillon
Date: Tue, 25 Nov 2014 10:57:13 -0800
Subject: [PATCH] kernel - Fix panic on upmap/kpmap read via procfs.

* Fix a panic when upmap/kpmap is accessed via procfs.

Reported-by: Joris Giovannangeli
---
 sys/vm/vm_fault.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c
index 79b06a3da8..8001188677 100644
--- a/sys/vm/vm_fault.c
+++ b/sys/vm/vm_fault.c
@@ -771,6 +771,35 @@ RetryFault:
 (u_long)vaddr);
 }
 
+ /*
+ * A user-kernel shared map has no VM object and bypasses
+ * everything. We execute the uksmap function with a temporary
+ * fictitious vm_page. The address is directly mapped with no
+ * management.
+ */
+ if (fs.entry->maptype == VM_MAPTYPE_UKSMAP) {
+ struct vm_page fakem;
+
+ bzero(&fakem, sizeof(fakem));
+ fakem.pindex = first_pindex;
+ fakem.flags = PG_BUSY | PG_FICTITIOUS | PG_UNMANAGED;
+ fakem.valid = VM_PAGE_BITS_ALL;
+ fakem.pat_mode = VM_MEMATTR_DEFAULT;
+ if (fs.entry->object.uksmap(fs.entry->aux.dev, &fakem)) {
+ *errorp = KERN_FAILURE;
+ fs.m = NULL;
+ unlock_things(&fs);
+ goto done2;
+ }
+ fs.m = PHYS_TO_VM_PAGE(fakem.phys_addr);
+ vm_page_hold(fs.m);
+
+ unlock_things(&fs);
+ *errorp = 0;
+ goto done;
+ }
+
+
 /*
 * A system map entry may return a NULL object. No object means
 * no pager means an unrecoverable kernel fault.
-- 
2.41.0
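Review bot: The page produced by `fs.m = PHYS_TO_VM_PAGE(fakem.phys_addr);` is held on the very next line, but nothing in the hunk checks that the physical address the uksmap callback stored in `fakem.phys_addr` is backed by a managed vm_page, even though the block comment describes the mapping as unmanaged and directly mapped. If PHYS_TO_VM_PAGE can return NULL for an address outside the page array, `vm_page_hold(fs.m)` dereferences NULL; if it is a plain index into vm_page_array, an out-of-range address reads past the array — in either case the precondition belongs in the comment, e.g. `* The uksmap callback must fill in phys_addr with an address backed by a managed vm_page; PHYS_TO_VM_PAGE() performs no range check.` A defensive `if (fs.m == NULL)` path mirroring the existing KERN_FAILURE branch (clear fs.m, unlock_things(&fs), goto done2) would at least cover the NULL case. The enclosing function starts and ends outside the hunk, so whether the `done:` label expects a busied page rather than a merely held one cannot be confirmed from here.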